Cybersecurity

A critical security flaw in the Open VSX registry's scanning pipeline could have allowed malicious extensions to bypass vetting checks.The bug, named Open Sesame,...

Three security vulnerabilities (CVE-2026-34070, CVE-2025-68664, CVE-2025-67644) were disclosed in LangChain and LangGraph frameworks, impacting over 84 million weekly downloads.The flaws could expose filesystem data,...

A critical flaw in the Anthropic Claude Chrome extension allowed websites to silently inject malicious prompts, compromising user security.The vulnerability combined an overly permissive...

The recently uncovered iOS exploit kit Coruna uses an updated version of the kernel exploit framework from the 2023 Operation Triangulation espionage campaign.The framework...

GlassWorm attackers now use a multi-stage framework that steals data and delivers a remote access trojan via a malicious Chrome extension.The malware employs the...

A phishing campaign uses fake, obfuscated French-language resumes to deliver malware that mines cryptocurrency and steals data.The attack chain completes in just 25 seconds...

Credential-stealing malware known as "TeamPCP Cloud stealer" has compromised GitHub Actions workflows from Checkmarx, following a similar attack on Aqua Security's Trivy scanner.The stealer...

Russian access broker Aleksei Volkov was sentenced to 6.75 years in U.S. prison for enabling ransomware attacks causing over $9 million in losses.U.S. prosecutors...