Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

OpenClaw developers targeted by sophisticated phishing scam using fake $CLAW token giveaways on GitHub. Learn how attackers ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

A large-scale phishing campaign is currently targeting developers via GitHub. Attackers are exploiting the Discussions feature to spread fake security ...

There is currently an attack wave targeting devices with older iOS versions. Apple has commented on the effectiveness of a security feature in this context.

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...

A newer DarkSword exploit leak makes hacking outdated iPhones easier, exposing hundreds of millions of devices to risk.

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...