Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

When custom tools beat built-in ones.

You can now run LLMs for software development on consumer-grade PCs. But we’re still a ways off from having Claude at home.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

GHz phased array radar system featuring Pulse Linear Frequency Modulated (LFM) modulation and based on an AMD Artix-7 FPGA. Two versions are available: the AERIS-10N (Nexus), providing up to 3km range ...

Perplexity is developing an always-on AI agent for Mac that can access apps and files to run tasks continuously, expanding ...

Infosecurity spoke to several experts to explore what CISOs should do to contain the viral AI agent tool’s security vulnerabilities ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...