Security researchers report a sharp rise in malicious open-source packages in 2026, with npm registry threats already surpassing 2024 totals. A new benchmark study found that popular detection tools ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

A shadow industry of law firms and advisers is charging thousands of pounds to help migrants pretend to be gay in order to ...

There are sound reasons for optimism that European governments can reduce their military reliance: defense spending is rising, particularly in countries in northern and eastern Europe, and Europe is ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Critical cPanel flaw under attack, Copy Fail Linux privilege escalation, TeamPCP supply chain campaign, GitHub RCE & major ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

The contagion from the Kelp exploit could have been contained, but at the cost of capital efficiency, according to the founder of Curve Finance. The exploit of the Kelp liquid restaking protocol shows ...