TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Ripple CTO David Schwartz issues a security warning over a BitLocker flaw and a fresh wave of XRPL scams targeting holders.

New Android safeguard: Intrusion Logging records daily device activity to help researchers analyze spyware intrusions, with encrypted logs stored in the user’s Google cloud account. AI-driven attack ...

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and ...

Google claims to have thwarted a significant cyberattack by state-sponsored hackers using an AI-developed zero-day exploit. The vulnerability, which bypassed two-factor authentication in an unnamed ...

CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities ...

Instagram will remove end-to-end encryption for direct messages between users from May 8, 2026. When the date comes around, Meta will potentially be able to see the contents of all messages between ...

As portable storage declines in favor of cloud services, the question of whether an encrypted USB drive is worth it has moved from convenience to security. Cloud storage, AirDrop, and messaging apps ...