A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...
Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...
CTP allows devices connected via Bluetooth or USB to send commands to the speaker, such as changing LED colors and equalizer ...
Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Attack preparation can come in many forms, such as writing malware and disrupting system performance. “Malicious actors are using AI in ways that make them more dangerous. More specifically, threat ...
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The comments on some Steam Profiles are actually loaded with invisible malware.
Weedhack malware has targeted Minecraft players via YouTube and SEO poisoning since Jan 2026, enabling credential theft and remote ...