On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

Nvidia led a week of big AI moves, major security threats, app ecosystem changes, and tech industry shakeups across Apple, Google, Meta, Microsoft, and OpenAI.

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop ...

Passwords were once considered the backbone of online security, but they've become one of its weakest links. Reused credentials, phishing emails, and large-scale data leaks have exposed just how ...

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

Over the next decade, artificial intelligence will dominate computing, driving profound changes in both hardware and software architectures. This transformation will reshape data center design and ...

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...