Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

OpenAI announced they are extending the Responses API to make it easier for developer to build agentic workflows, adding ...

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...