North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine ...

India is being targeted by multiple espionage campaigns delivered by the Pakistan-attributed Transparent Tribe (aka APT36).

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Hacktivist group claims a 2.3-terabyte data breach exposes information of 36 million Mexicans, but no sensitive accounts are ...

KEV Collider combines data from multiple open source vulnerability frameworks to help cybersecurity teams assess which issues ...

A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...

Researchers at QED Secure show how a connected wheelchair could be remotely hijacked, highlighting growing cyber risks in medical devices.

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...