SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Wiz discovered a critical remote code execution vulnerability in GitHub that exposed millions of repositories.

A widely used open-source tool stole passwords and API keys from over 1 million users. Here's what Ghanaian developers need ...

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical ...

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

Meta Platforms Inc. plans to release open-source versions of its next-generation artificial intelligence models, Axios reported today. The company debuted its most capable neural network last April.

To say Meta’s attempts to become a leader in AI have thus far fallen short would be like calling Mount Everest a short hike. But the company is pot-committed to the project, with plans to spend more ...

It’s a case of search-engine failure. Google has issued a security alert to Chrome users after confirming that cybercriminals had exploited a vulnerable system, marking the second such advisory in ...