A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Independent researcher Simon Willison raises questions about hidden Series A and B rounds, investor windfalls, and whether a ...

It's not just drugs or weapons that are smuggled over the US Border, sometimes it's weird items, and often they are headed ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

When you're trying to get the best performance out of Python, most developers immediately jump to complex algorithmic fixes, using C extensions, or obsessively running profiling tools. However, one of ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...