Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The second wave of the Shai-Hulud supply chain attack has spilled over…
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could…
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial…
CISO’s Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension…
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Oct 31, 2025Ravie LakshmananMalware / Secure Coding Eclipse Foundation, which maintains the…
Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Oct 07, 2025Ravie LakshmananArtificial Intelligence / Software Security Google's DeepMind division on…
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Sep 16, 2025Ravie LakshmananVulnerability / Cloud Security Cybersecurity researchers have disclosed multiple…
Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools
Aug 15, 2025Ravie LakshmananMalware / Open Source A Chinese-speaking advanced persistent threat…