Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Discover the hidden gem of media players that power users have been quietly enjoying for years, and find out why it's time to ...

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems.

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...