A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

The Linux, MacOS, and Windows terminal is no longer just for commands. Thanks to apps like Wave, you can have a veritable ...

The post Attackers replaced JDownloader installer downloads with malware appeared first on . If you downloaded the JDownloader installer during the compromise window ( ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

What happened?: Attackers exploited a CMS flaw to replace JDownloader’s Windows and Linux installers with malware between May 6–7, 2026. What was affected?: Only Windows and Linux shell installers ...

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

In early May, the JDownloader website delivered malware. This is reminiscent of Daemon Tools, which have since reacted.

Shell has revealed a surge in quarterly profits on the back of the Middle East conflict but also given an update on costly war damage to its output. The oil and gas firm reported net profits of $6.9bn ...

Deal comes five years after Shell sold its US shale business and is its biggest acquisition for a decade Shell has agreed to buy Canadian shale producer ARC Resources for $16.4bn, five years after ...