A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Nearly two dozen Epstein accusers told Reuters that speaking out sparked threats and relentless harassment, in some cases ...

OpenAI has brought its Codex coding agent to the ChatGPT mobile app, providing iPhone and Android users with remote access to ...

Meet Termzy AI, a browser extension that uses DeepSeek’s LLM to analyze and summarize online contracts and surface the most ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

When you hear "the dark web," you probably think of illegal, sordid activity, but that's not the whole picture. I don't recommend staying long, but these tips can help you explore the dark web using ...