Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

This software includes builds on the work from the WAI's ATAG Report Tool (ART) and WCAG-EM Report Tool. Copyright © 2021 W3C® (MIT, ERCIM, Keio, Beihang). W3C ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

It's also the hottest May day recorded in Wales, while Scotland and Northern Ireland have had their hottest days of the year ...

The malware spread through npm, PyPI, and Rust packages in coordinated waves. It steals crypto wallets, SSH keys, and cloud developer credentials. AI coding tools were also targeted through malicious ...

A known Belarussian cyber-espionage group is back with a threat campaign against targets in Eastern Europe that uses spear-phishing to deliver malicious payloads to Eastern European government and ...

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...