This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Perfect for fast existence checks using Set.has (). 🔵 Map (The Better Dictionary) Unlike plain objects, a Map can use any data type (even objects!) as keys. It solves the limitations of using objects ...
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor ...
Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results