A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to ...
Sysdig detected attackers probing the CVSS 9.8 authentication bypass 13 days after the advisory, using one HTTP header to ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
This research is part of a joint initiative between the Cloud Security Alliance (CSA) and OWASP AI Exchange, building upon the previously published Agentic AI Red Teaming Guide. The objective of this ...
A threat actor has been observed using AI coding tools to develop and refine malware designed to slip past endpoint detection and response (EDR) software, in what was presented as a red team project.
PyGuard is a professional-grade security tool designed to protect your Python source code from reverse engineering, unauthorized access, and tampering. It combines AES-256 encryption with C++ ...
If you work with AI APIs and local LLMs, there's a good chance you've at least heard of LiteLLM. It's one of the most popular Python libraries for interacting with large language models, offering a ...
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
Infrastructure as Code (IaC) has become a core part of DevOps in 2026, especially as enterprises move deeper into cloud, containerisation, and automated deployment pipelines. With teams managing ...