Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...

The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 ...

Azure Linux 4.0 expands Microsoft’s Linux strategy for secure AI and server workloads. Azure Container Linux offers hardened, lightweight infrastructure for Azure containers and regulated enterprises.

Every day, we decide what software to trust in seconds guided by simple labels such as “verified,” “secure,” and “safe to install.” The problem is that those signs can be manipulated. Today, Microsoft ...