Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository ...

For protocol founders and security researchers, the incident reinforced a broader shift underway across crypto: DeFi is no longer primarily battling coding bugs. It’s battling complexity.

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.

A cyberattack shut down an education platform used by universities and K-12 schools across the US Thursday, depriving ...

A weekend hack that saw almost $300 million drained from a little-known crypto project has triggered a crisis of confidence among decentralized-finance investors, with users pulling billions of ...