The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

You hear about it everywhere, from LinkedIn posts to keynote speakers to job listings: Learning to use AI is the way to get ahead in your job and help future-proof your career. But you may not know ...

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

A SIM (Subscriber Identity Module) is a tiny bit of circuitry that uniquely identifies your cellular modem in a phone, tablet, or other device to nearby cellular networks to allow access for voice, ...

Over the last several years, Apple has dramatically improved how it handles lithium-ion battery charging in iPhones, iPads, Macs, and Apple Watches. Across multiple system releases, the company moved ...