The DDoS attack against Mastodon's flagship server comes less than a week after Bluesky was targeted with junk web traffic.

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE ...

DeFi's "worst year in terms of hacks," Ledger's CTO said, as the Kelp exploit shows how a single point of failure can cascade ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

OpenAI rotated certificates and updated its apps out of an abundance of caution.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.