According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
Experts detail PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
Naomi Osaka has withdrawn from the Australian Open before her third-round match against Maddison Inglis. She announced the ...
In January 2026, former special counsel Jack Smith unexpectedly released all of his files on U.S. President Donald Trump by publicly uploading them.
Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact ...
A judge says congressional cosponsors of a law forcing the Justice Department to release its files on Jeffrey Epstein and ...
I rely on a handful of open-source web apps that handle everyday tasks without installing anything locally.
It's been a month since the Congress-imposed deadline for the Department of Justice to release its files on Jeffrey Epstein.