A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

After the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, it is said. Source code from ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. Threat actors have been abusing credentials stolen in the VS Code GlassWorm campaign to hack ...

On a warm and clear Wednesday morning in the Everglades, researchers Melissa Miller and Brandon Welty dug through grass and dirt in search of a ten-foot snake they had seen just a week before. Members ...

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports ...

For IT and cybersecurity leaders, credential sprawl — the uncontrolled proliferation of authentication secrets like passwords, keys, and tokens across an organization’s infrastructure — has become a ...