JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Arctic Wolf says Anubis affiliates abused RMM tools, VPN logins, RDP, PsExec, and cloud-transfer tools before ransomware ...
The award-winning Mitel platform embeds voice into business processes, linking scattered tools into one automated flow.
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, ...
Alibaba will bar staff from using Anthropic's Claude Code from July 10 over an alleged backdoor, a source says, amid a wider Claude-Qwen dispute.
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). This argument injection ...
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.
Z.ai has launched ZCode, a free AI coding tool powered by GLM-5.2 that challenges Cursor, Claude Code and GitHub Copilot ...
Cursor AI model training reaches a new milestone: a 1.5-trillion-parameter system pre-trained from scratch on xAI’s Colossus ...