The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

TeamPCP strikes again, with almost identical code to LiteLLM.

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...

If you're paying for software features you're not even using, consider scripting them.

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to compromised credentials.

Anthropic introduces “repeatable routines” in Claude Code, bringing AI-powered automation and a redesigned workspace to ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...