Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Gemini 3.5 Flash is shockingly fast at generating code and spinning up agents, but that speed comes at a cost: sloppy ...
Fake Claude Code installer malware has used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Dynamic workflows in Claude Opus 4.8.8 offer a structured way to handle complex tasks by dividing them into smaller, independent components. These workflows enable parallel task execution, where ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.
The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
The last time we did this analysis, Buffalo's 14212 came in as the most unstable neighborhood in Western New York. This year, ...
TAJS is a dataflow analysis for JavaScript that infers type information and call graphs. The current version of the analysis contains a model of ECMAScript 3rd edition, including the standard library, ...
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation ...
This extension is part of the extension bundles for Qlik Sense. The repository is maintained and moderated by Qlik RD. Feel free to fork and suggest pull requests for improvements and bug fixes.