CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...

We all know just how versatile a supermarket-cooked chicken can be, but it turns out we’ve not been using it to its full potential. Every inch of the dinnertime staple has a purpose, including the ...

GameSpot may get a commission from retail offers. It was anything but a wonderful holiday season for Ubisoft's Rainbow Six Siege players. Following a massive hack that dumped billions of credits into ...

It's been a quarter of a century since the invention of the CAPTCHA. The great gatekeeper of the internet was originally created by students at Carnegie Mellon University to prevent bots from rigging ...

GameSpot may get a commission from retail offers. Following a hack that happened over the Christmas weekend, Rainbow Six Siege players are finding themselves in the ban house thanks to yet another ...

Update: Article updated to reflect that the ShinyHunters says they were not involved in this activity. We have updated our story and title. Threat actors associated with the "Scattered Lapsus$ Hunters ...