Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation ...
Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
A new malware campaign has compromised nearly 2,000 WordPress websites by using Steam Community profile comments to hide ...
With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government ...
Microsoft’s M12 Fund and GitHub Invest in Open-source Low-Code Platform ToolJet
CISA makes more open-source cloud protection tools available
Oracle takes on Red Hat in Linux code fight
Creating Your ...