A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

現地時間の2026年5月31日、パスワードマネージャーの「Dashlane」が外部から総当たり攻撃を受け、ユーザーのパスワードが保存された暗号化保管庫を盗まれました。このサイバー攻撃の経緯をDashlaneが説明しています。

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than ...

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of internal repositories and attempted to sell the data online.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.