A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...

Claude, the AI chatbot from Anthropic, experienced a significant outage on Monday evening, impacting login and connection issues across its services including Claude.ai, API, and Claude Code. The ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Nine Mexican government agencies targeted by a single attacker with two AI tools.

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Discover how a hacker exploited Claude and ChatGPT to breach government agencies. Learn about the AI-driven tactics used to ...

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

TeamPCP strikes again, with almost identical code to LiteLLM.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...