Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Weekly ThreatsDay Bulletin: supply chain attacks, fake support lures, AI tampering, data leaks, ransomware, and exploited ...

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...

Recently, I stumbled upon Material Files, which is an open-source Android app, and I almost instantly proclaimed it the perfect Android file manager. It looks native on my Pixel 9 Pro and has exactly ...

Who won?: Gemini 3.1 Pro claimed first place in a multi-AI Python debugging challenge, outperforming ChatGPT and Claude. What was tested?: The flawed script contained syntax errors, path handling ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a ...

May the best coding AI win!

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...

MacBook Neo starts at $599 with an A18 Pro chip, a bright 13-inch display, and clear trade-offs in ports, battery claims, and premium features.

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.