PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

Retrieval-Augmented Generation (RAG) is critical for modern AI architecture, serving as an essential framework for building ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

Automation that actually understands your homelab.

University of California researchers have identified a new class crypto theft, stemming from AI agent routers - here's everything to know.

Secure decentralized MCP resource provisioning with zero-trust architecture, post-quantum cryptography, and granular policy enforcement for AI agents.