Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...

The common assumption among iPhone security experts has been that finding vulnerabilities and developing exploits for iOS was ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Cloud attacks are getting faster and deadlier - here's your best defense plan ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

What we know so far: A powerful iOS exploit framework that once appeared to sit in the orbit of government surveillance work is now being reused in criminal schemes to drain cryptocurrency wallets and ...

The report warns CSOs that while AI is helping unsophisticated threat actors, failure to implement cybersecurity basics is fatal regardless of the attacker's skill. A Russian-speaking threat actor is ...

The exploit saw the Moonwell protocol exploited for $1.78 million after cbETH was mispriced at $1.12 instead of about $2,200, intensifying debate around AI-co-authored smart contracts. Moonwell, a ...