With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked.

A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection ...

Google DeepMind just rolled out Gemma 4 12B, a 12-billion-parameter model that can parse text, images, audio, and video ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...

iOS 26.5 will encrypt RCS text messages between iOS and Android. The encryption supports the iPad, Mac, and Apple Watch. The update brings new Pride wallpaper to iPhone and Apple Watch. iPhone owners ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

End-to-end encryption (E2EE) for RCS messages between iPhone and Android devices is officially available, Apple confirmed today. Support is included in iOS 26.5, which is now available to everyone.