CVE-2026-5426 enabled KnowledgeDeliver LMS attacks before February 24, 2026, leading to Cobalt Strike infections.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

If you own an older iPhone that hasn’t been updated in a while, Apple may have already gotten your attention. Starting in recent weeks, the company has begun pushing persistent lock screen ...

The free plugin is now available on the WordPress Plugin Directory, compatible with Contact Form 7, WPForms, Ninja ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...