The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...

Google recently published – and then quickly hid – a potentially dangerous bug found in the Chromium web browser. The ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of OpenTelemetry, a vendor-neutral, open source ...

Every time a professional opens LinkedIn in a Chrome-based browser today, hidden JavaScript silently probes their device for ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...