This week, CISA tightened patching rules, hackers provoked AI scanners. An accused Russian intel hacker appeared in court.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

The malware used in the attack was dubbed “Miasma” and is described as a self-replicating worm designed to harvest login ...

A China-linked espionage group lived inside corporate cloud accounts for a year and a half by stealing trust instead of ...

The Gentlemen ransomware claims 478 victims as its AI-assisted RaaS operation adds worm-like spread capability.

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.