Malicious code inserted into four SAP-related npm packages exposed developer workstations and automated build systems to credential theft, marking a sharp escalation in attacks against open-source ...

The open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.

Getting someone to the right spot isn’t always as simple as sharing a street address. In many cases, addresses are incomplete, point to the wrong entrance, or fail to capture the exact location you ...

For protocol founders and security researchers, the incident reinforced a broader shift underway across crypto: DeFi is no longer primarily battling coding bugs. It’s battling complexity.

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Data stolen in a cyberattack that shut down an education platform used by universities and K-12 schools across the US last week has been returned to the platform’s parent company, Instructure, ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

A weekend hack that saw almost $300 million drained from a little-known crypto project has triggered a crisis of confidence among decentralized-finance investors, with users pulling billions of ...

Students attempting to access grades, study materials and quizzes were met instead with a message from a hacking group on ...

Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its ...