Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Agile software development has been around since the 1990s, but didn’t get the name until the famous meeting of 17 renowned ...

Alibaba's HDPO framework trains AI agents to skip unnecessary tool calls, cutting redundant invocations from 98% to 2% while boosting reasoning accuracy.

Results from the latest Syringe Services Program (SSP) Health Survey reveal that, since 2021, there has been a 49 percentage point decrease in respondents injecting drugs. In 2025, 90% of respondents ...

There appears to be a recent epidemic of users hijacking companies’ AI-powered customer service bots to turn them into generic AI assistants. The goal is to get the branded bots to do their bidding, ...

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.