Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Adversaries weaponized recruitment fraud to steal cloud credentials, pivot through IAM misconfigurations, and reach AI ...

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

KEV Collider combines data from multiple open source vulnerability frameworks to help cybersecurity teams assess which issues ...

A decade-old critical security vulnerability affects over 800,000 internet-exposed telnet servers, with reports of active ...

JFrog security researchers have exposed two critical vulnerabilities (CVE-2026-1470, rated 9.9; and CVE-2026-0863, rated 8.5) in the n8n workflow automation platform.

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

StrongestLayer's new threat intelligence report is based on an analysis of 2,042 advanced email attacks that successfully bypassed well-known secure email gateways before being detected. #EmailSecurit ...

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

Yahoo this week unveiled Scout, an AI-powered "answer engine" now in beta across desktop (at scout.yahoo.com), mobile ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.