The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

Meta will “eventually” offer open source versions of its new AI models Alexandr Wang is in charge of, but first, the company “wants to keep some pieces proprietary and to ensure they don’t add new ...

Drift Protocol said with “medium-high confidence” that the recent attack was carried out by the same actors responsible for the $58 million Radiant Capital hack in October 2024. Drift Protocol, the ...

It’s a case of search-engine failure. Google has issued a security alert to Chrome users after confirming that cybercriminals had exploited a vulnerable system, marking the second such advisory in ...