Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable ...
A while ago, I wrote a piece on the best way to ensure your privacy with a web browser. Part of that advice was to use the Tor browser. In simplest terms, you cannot get more privacy and security from ...
Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's ...
Hijacking web traffic is an old tactic for threat actors. In fact, David Shipley, head of Canadian security awareness training ...
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of ...
This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.
Three security vulnerabilities in the official Git server for Anthropic's Model Context Protocol (MCP), mcp-server-git, have been identified by cybersecurity researchers. The flaws can be exploited ...
Earlier this week, some people on X began replying to photos with a very specific kind of request. “Put her in a bikini,” “take her dress off,” “spread her legs,” and so on, they commanded Grok, the ...
Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...