A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

It made my network security so much better ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe ...