The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

Fake SSA email urges downloads with urgent warning. Learn key red flags and how to protect your data before it’s too late.

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...

Microsoft quietly took an official stand in a Learning Center article published earlier this month, which Windows Latest ...

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage ...

Chainguard, the trusted source for open source, today announced a partnership with Cursor, the leading multi-model AI coding platform, to secure the next generation of agentic software development.

Bybit's Security Operations Center disclosed a macOS malware campaign using SEO poisoning to target developers searching for ...

ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.

Users are being shown pop-up alerts such as "Urgent System Update Required," clicking the link in such messages downloads malicious files| India News ...

A new Android malware strain can reinstall itself even after deletion, using system permissions and backup mechanisms. Here’s ...