The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

The infamous GlassWorm malware has infected dozens more Open VSX software packages, according to new research.

DRILLAPP JavaScript backdoor targets Ukraine in Feb 2026, abusing Edge debugging features to spy via camera, microphone, and ...

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain risks.

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

AI-generated Slopoly malware used by Hive0163 in 2026 attacks maintained access for over a week, highlighting how AI ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

Seemingly out of nowhere, the “Save image as Type” Chrome extension was marked for removal, with Google warning users ...

Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.