A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the charting toolkit behind countless dashboards and data-heavy front ends. Security ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

The last time we did this analysis, Buffalo's 14212 came in as the most unstable neighborhood in Western New York. This year, ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Every time a professional opens LinkedIn in a Chrome-based browser today, hidden JavaScript silently probes their device for ...

Now half the scientific community looks like caffeinated DJs remixing protein structures at 2 a.m. while whispering things ...

Supply chain security company Safety has discovered a trojan masquerading as Anthropic’s popular Claude Code AI software development assistant. Anthropic describes Claude Code is an agentic coding ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now. Adobe rushed an emergency patch for a critical ...