On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Abstract: The proliferation of Internet of Things (IoT) devices has brought about an increased threat of botnet attacks, necessitating robust security measures. In response to this evolving landscape, ...

TeamPCP strikes again, with almost identical code to LiteLLM.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

A critical Langflow vulnerability leading to unauthenticated remote code execution has been exploited hours after public ...

Criminals have secretly hijacked more than 14,000 devices worldwide in order to carry out attacks that are almost impossible to protect against, security researchers have warned. The majority of ...

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of ...

A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. Since August 2025, KadNap has grown to ...

Abstract: In recent years, supply chain attacks have garnered significant attention from both enterprises and the security community due to their profound impact. Numerous studies have begun to focus ...