Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

Discover the hidden gem of media players that power users have been quietly enjoying for years, and find out why it's time to ...

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

A security researcher found a foolproof way to guarantee tech conferences accept his speaker submissions: hack their systems.

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

The malware employs ecosystem-specific techniques for execution. On npm, many packages use post-install hooks to deploy a comprehensive JavaScript payload ...