Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

The app works by creating encrypted “vaults.” Anything you place inside a vault gets scrambled into unreadable data unless ...

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...

A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Microsoft broke from its regular monthly patch schedule in late May 2026 to push an emergency fix for a vulnerability that ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

As part of the iOS 26.5 update, Apple’s Messages app can now encrypt texts between some iPhone and Android smartphones. Texts between Apple devices in the Messages app, aka iMessages, have been ...

Instagram will remove end-to-end encryption for direct messages between users from May 8, 2026. When the date comes around, Meta will potentially be able to see the contents of all messages between ...