DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Agents run amok: Identity lessons from Moltbook’s AI experimentThe late January launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...

Later in the same year, Microsoft claimed it began rolling out a “native” version of Copilot, which was not exactly native, ...

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as ...

And more useful than I thought.

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

VPNs encrypt everything, but proxies offer speed, flexibility, and unique advantages many people overlook. We explain how ...