TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.

OpenKeychain makes file encryption on Android actually simple, so stop using cloud storage for sensitive data.

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

PCWorld reports that Microsoft is restoring the missing ‘Refresh’ and ‘Print’ options to Windows 11 File Explorer’s right-click context menu after user complaints. These essential features are ...

iOS 26.5 is here, and one of its tentpole features is RCS end-to-end encrypted messaging. Here’s the list of carriers that currently support the new RCS feature. Here are the carriers that support end ...

Trump officials on Friday released their first batch of declassified files related to unidentified flying objects, following President Donald Trump’s directive to make long-secret documents broadly ...