North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across ...

Nvidia led a week of big AI moves, major security threats, app ecosystem changes, and tech industry shakeups across Apple, ...

Nvidia dominated tech news this week, as its hold on the artificial intelligence factory boom only tightened at its annual ...

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

JavaOne Oracle has shipped Java 26, a short-term release, and introduced Project Detroit, which promises faster interop between Java, JavaScript, and Python. Java 26 will be supported for just six ...

Apple has released important updates for older iPhones and iPads that do not run the newer versions of iOS and iPadOS. These updates include security patches to counter a dangerous exploit kit, that ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

As the popularity and value of cryptocurrency rises, device designers are drawing on research and testing to optimally balance both security and usability to safeguard users’ assets. In partnership ...