Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...

Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions ...

The term “vibe coding,” coined by Andrej Karpathy in 2025, sent the tech world into a frenzy. The idea was simple but ...

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users from legitimate sign‑in pages to attacker‑controlled infrastructure.

Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ...

Activity on the Reddit-style social network for OpenClaw agents raises serious cybersecurity and privacy concerns.

Researchers uncover APT28-linked phishing attacks against Ukrainian targets deploying BadPaw loader and MeowMeow backdoor for ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

Ads accounted for more than 60% of the malware and phishing campaigns observed by digital safety company The Media Trust in 2025, per a new report.

A threat actor has weaponized Anthropic’s Claude Code to breach the Mexican government’s systems and steal over 150GB of data ...

Check Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository ...