Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

The right stack around Ollama is what made local AI click for me.

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

LiteLLM, a massively popular Python library, was compromised via a supply chain attack, resulting in the delivery of ...

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project ...

Espressif Systems released the ESP-IDF v6.0 framework a few days ago with stable support for ESP32-C5 and ESP32-C61 SoCs, as ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

A large-scale GlassWorm malware campaign targeting developer platforms appears to be significantly more extensive and ...