Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

This week, Russian hackers targeted Signal and WhatsApp users, permit-fee phishing hit U.S. applicants, ClickFix on WordPress ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

Later in the same year, Microsoft claimed it began rolling out a “native” version of Copilot, which was not exactly native, ...

And more useful than I thought.

Researchers scanning 10 million webpages have found that nearly 10,000 pages contained live API credentials left in plain sight, potentially exposing access to services from cloud platforms to payment ...

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, ...

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.

Melbourne-based hedge fund and miner’s third-largest investor says deal is too expensive, carries execution risk and has ...