Cybersecurity

Malicious versions of the popular telnyx Python package (4.87.1 and 4.87.2) were published to PyPI on March 27, 2026, using audio steganography to hide...

A critical security flaw in the Open VSX registry's scanning pipeline could have allowed malicious extensions to bypass vetting checks.The bug, named Open Sesame,...

Three security vulnerabilities (CVE-2026-34070, CVE-2025-68664, CVE-2025-67644) were disclosed in LangChain and LangGraph frameworks, impacting over 84 million weekly downloads.The flaws could expose filesystem data,...

A critical flaw in the Anthropic Claude Chrome extension allowed websites to silently inject malicious prompts, compromising user security.The vulnerability combined an overly permissive...

The recently uncovered iOS exploit kit Coruna uses an updated version of the kernel exploit framework from the 2023 Operation Triangulation espionage campaign.The framework...

GlassWorm attackers now use a multi-stage framework that steals data and delivers a remote access trojan via a malicious Chrome extension.The malware employs the...

A phishing campaign uses fake, obfuscated French-language resumes to deliver malware that mines cryptocurrency and steals data.The attack chain completes in just 25 seconds...

Credential-stealing malware known as "TeamPCP Cloud stealer" has compromised GitHub Actions workflows from Checkmarx, following a similar attack on Aqua Security's Trivy scanner.The stealer...