An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

“The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts,” a chief Google analyst said. North Korea-aligned ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...

Researchers have observed a “dangerous convergence” between supply chain attackers and extortion gangs like Lapsus$ as TeamPCP looks to exploit stolen credentials. In a new report published on March ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services and real-world infrastructure. By combining publicly available data, weak ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

Security researcher Chaofan Shou discovered on March 31 that Anthropic's Claude Code CLI tool had its full TypeScript source code sitting in plain sight on the public ...