Sometime in early 2025, a security researcher flagged a configuration file that could do something it was never supposed to: ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Oracle powers some of the most critical workloads in the enterprise. It’s also one of the places where static, long-lived database passwords still hide in plain sight – hardcoded in config files, ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

May 2026 dropped three critical Linux vulnerabilities on a near-weekly cadence, and the security discourse has mostly treated them as three separate bad days. They’re not. Together they form a ...

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...

Notepad++ has a worthy rival for huge files.

Although most people have fast internet access nowadays, sending large files and amounts of data remains a problem. This is because free e-mail services such as Outlook.com or Gmail limit the data ...

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential orchestration layer for the AI-first cloud.