The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Hugging Face and ClawHub, the two largest repositories for AI models and agent skills, have been systematically compromised with hundreds of malicious entries that steal credentials, open backdoors, ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based ...

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Hackers are now abusing ChatGPT to generate malicious webpages that trick unsuspecting users into downloading malware onto their machines.

An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made ...

In April, the certification authority DigiCert issued several Code Signing Certificates to malware authors. The attackers had previously compromised the computers of customer service employees at ...

31st October 2025: We added new Gym League codes. Gym League is a Roblox game set in an outdoor gym at a beach. You’ll create your own character, train with a variety of machines and weights, and work ...