IT researchers have identified a supposedly critical zero-click vulnerability in Telegram. Telegram disputes this.

Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

At RSAC 2026, there has been a definite change in topic as the world has been shifting from conversational AI to agentic AI. The world is moving from AI that answers questions to AI that takes actions ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

This weekly recap, “Best of the Worst,” is the companion piece. Every Friday, I’ll summarize the attacks we published that ...

Security experts have warned that an Iranian ransomware group has returned with enhanced evasion, execution and ...

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to ...

Email spoofing remains one of the most common tactics used in phishing and cyberattacks. When attackers send emails that appear to come from a trusted domain, organizations risk brand damage, data ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...