In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million times per week on npm, and pushed poisoned versions straight to the public ...

In an ongoing cyberattack, hackers have compromised several popular open source projects that software developers all over the world rely on. On Tuesday, cybersecurity firms StepSecurity and SafeDep ...

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...

Hackers have compromised several popular open source projects relied on by software developers all over the world in an ongoing cyberattack. On Tuesday, cybersecurity firms StepSecurity and SafeDep ...

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. Google says hackers used AI to help build a zero-day exploit, then stopped it ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The ...

The $10.7 million THORChain exploit was caused by a GG20 vulnerability, which allowed a malicious node to reconstruct a full private key to one of its vaults. THORChain said a malicious node operator ...