A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...

Attackers bypassed Dashlane's 2FA on fewer than 20 accounts by brute-forcing numeric codes, downloading encrypted password vaults. Zero-knowledge encryption protects data if master passwords are ...

Researchers have uncovered a new Shai-Hulud malware variant targeting Red Hat-related npm packages, spreading through ...

An unknown number of Dashlane accounts were temporarily suspended after being targeted by a brute-force campaign. Some ...

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. Microsoft tracks the actor as Storm ...

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI vendor questionnaires are missing.

A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being ...

A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords. When you ...

UPDATE: May. 6, 2026, 9:40 a.m. EDT This piece was updated to include a statement from Microsoft. Password managers are supposed to make life easier for users by remembering their passwords and ...