A newly documented BlankGrabber infection chain is using a bogus “certificate” loader to disguise a multi-stage Windows compromise, adding another layer of deception to a commodity stealer already ...

International cybersecurity firms had been tracking a sophisticated malware strain called PXA Stealers for months, tracing it to a Vietnamese-speaking developer whose Telegram handle "Lone None" was ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...

Working as a software development engineer for AWS Security at Amazon, Praveen Ravula, the 2025 Developer of the Year awardee ...

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...

Point Wild, a leading global provider of AI-powered cybersecurity, today announced the immediate release of a free security tool, who-touched-my-packages (wtmp) – to provide developers visibility into ...

Alleged AstraZenea data leak raises concerns over internal access, source code exposure and follow-on cyber risks.

Cybersecurity and tech firms are positioning themselves to capture the exploding market for AI “governance.” Why leading ...