Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

The B-1 Lancer is one of the most powerful bombers ever built, capable of carrying up to 75,000 pounds of conventional ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...

As AI agents increasingly rely on third-party API routers, criminals are using this dependence to trick users and inject malicious code into their machines.

A cyber group is impersonating IT helpdesk staff via Microsoft Teams to deploy malware and target corporate systems.

Seeed Studio reBot Arm B601-DM is a fully open-source 6-axis robotic arm (plus a parallel gripper) designed to lower the ...