Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into ...

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.

Attackers can abuse VS Code configuration files for RCE when a GitHub Codespaces user opens a repository or pull request.

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Experts have identified the three digital lifestyles most targeted by cyber criminals – here’s what they are, and what you ...

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...

In a a robust Hacker News thread sparked by Jamf Threat Labs research, a VS Code team member defended the editor's Workspace ...

Update implements Jakarta EE 11 platform and brings support for Jakarta Data repositories and virtual threads.

Researchers show AI assistants can act as stealth C2 proxies, enabling malware communication, evasion, and runtime attack automation.

“Once contribution and reputation building can be automated, the attack surface moves from the code to the governance process around it. Projects that rely on informal trust and maintainer intuition ...

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.