Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

Debugging isn’t just guessing.

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Surrey Police are investigating two separate allegations of child sexual abuse following the release of the Epstein files.

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...

Every time a professional opens LinkedIn in a Chrome-based browser today, hidden JavaScript silently probes their device for ...

A federal court on Monday dismissed claims filed against OpenAI and its top executives by Elon Musk, who accused them of betraying a shared vision for it to remain a ...

This live blog is now closed.

The South Carolina Supreme Court overturned Murdaugh's murder convictions for the deaths of his wife and son.

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.