A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Security researchers have uncovered covert infostealer malware hidden in one of the top-ranking repositories on Hugging Face, ...

A legacy Windows scripting utility tied to Internet Explorer is still being used in modern malware campaigns, researchers say ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

This was not a case of stolen credentials, but rather of vulnerability exploitation.

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Are magic links secure? A security analyst breaks down token entropy, replay protection, expiry, device binding, and email compromise risks for MojoAuth users.

While a punch card is perhaps the lowest-density storage medium available, it has some distinct advantages. As [Bitroller] ...