At least 15 malicious plugins on the JetBrains Marketplace were identified as stealing AI API keys from developers, raising concerns about software supply chain security in...
Researchers report ClickFix malware campaigns now deliver three different loaders — BabaDeda, Lorem Ipsum, and Potemkin — using fake update-themed lures targeting various sectors.
A vulnerability in Google Cloud’s Vertex AI SDK for Python enabled attackers to hijack machine learning model uploads without project access, according to Palo Alto Networks...
Threat intelligence firm Defused Cyber reports active exploitation of three vulnerabilities in Fortinet FortiSandbox, including a critical path traversal flaw patched last week.
A recent survey reveals that 94% of security incidents involve anonymized infrastructure, underscoring the difficulties teams face in attribution despite abundant IP data.
Security researchers have uncovered Rokarolla, a new Android banking trojan that targets over 200 banking and cryptocurrency apps, enabling wide-reaching control over infected devices.
Anthropic has released Claude Fable 5, its most advanced AI model to date, separating it into two versions distinguished by safety features. The model with added...
Microsoft issued security updates for a record 206 vulnerabilities across its software, addressing three zero-day flaws disclosed publicly at the time of release.
Repeated automated pentesting can lead to reports showing fewer new issues, potentially giving a false sense of security. A recent webinar by The Hacker News and...
A supply-chain attack compromised more than 30 npm packages under Red Hat's namespace, distributing a new variant of the Shai-Hulud credential-stealing malware called Miasma.
The DriveSurge threat actor has launched extensive malware distribution campaigns leveraging ClickFix and FakeUpdate techniques by compromising thousands of websites.