Grafana refused an extortion demand after attackers used a stolen GitHub token to download code, with no customer data ...

The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

A dangerous new zero-day vulnerability targeting on-premises Microsoft Exchange Server deployments has triggered alarm across the cybersecurity industry after Microsoft confirmed the flaw is already ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Sure, AI agents such as Mythos can find security vulnerabilities in software, but the bigger question is whether they can ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.