Supply chain attacks feel like they're becoming more and more common.
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...
Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography on March 27, 2026, enabling cross-platform credential theft.
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...
Explore Homebrew Statistics to uncover key usage trends, installs, and growth insights that help developers make smarter ...
An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access ...
The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...