The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

MCP, Agent Tool Access And The New Execution-Layer Security Gap

The execution layer has already shifted from humans to machines. This transition is not a future trend; it is the current ...
The Next Web

Hackers breached the European Commission by poisoning the security tool it used to protect itself

CERT-EU attributed a 92 GB data breach at the European Commission to TeamPCP, which compromised the Trivy security scanner in a supply chain attack. ShinyHunters leaked the data.

Crypto Hack Worth $290 Million Triggers DeFi Contagion Shock

Hackers exploited a cross-chain bridge on Saturday, draining nearly $300 million from a key piece of decentralized finance ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.
CoinDesk

'DeFi is dead': crypto community scrambles after this year's biggest hack exposes contagion risk

Developers and traders warn of structural risks as a cross-chain exploit spreads fear and prompts billions to flee DeFi ...

How a Hacker Used Claude and ChatGPT to Breach Multiple Government Agencies?

Discover how a hacker exploited Claude and ChatGPT to breach government agencies. Learn about the AI-driven tactics used to ...

Suspect Accused of Hacking Climate Activists Appears in Court

Amit Forlit is accused of running a hacking operation that aimed to thwart climate litigation at the behest of a lobbying ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.