Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

Dify, a popular low-code AI application development platform with over 142,000 stars on GitHub, was found to contain critical vulnerabilities that allowed a one-click account takeover. Imperva ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Downloaded files are easy to lose track of. One minute you’re saving a PDF, photo, menu, meme, or attachment. The next, it feels like your phone swallowed it whole. Even the best smartphones can feel ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Compare top AI app builders for prototyping, mobile apps, internal tools, backend depth, security, pricing, and code ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Amid mounting student complaints over CBSE’s new On-Screen Marking system, a Class 12 student and cybersecurity researcher ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...