Polyfill supply chain attack that hit more than 100,000 websites has now been linked to North Korean threat actors.

A data breach at data analytics company LexisNexis L&P has leaked the details of over 400,000 cloud profiles after an attacker breached its AWS infrastructure.

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

Original version of Bill C-2 would have granted the police and spy agency powers to demand information about services Canadians have used ...

An infamous pro-Palestinian hacktivist group has allegedly breached US-based medical device manufacturer Stryker. Handala, a hacktivist group believed to be a front for Iranian state-sponsored hackers ...

Passport scans, confidentiality agreements, and photos of processing works published by hackers following a February attack ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Blockchain ecosystems are losing developers across the board while artificial intelligence projects dominate growth on GitHub, the world’s largest platform for hosting and collaborating on software ...

A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn’t stirred since 2024 – and within ...

State-backed cyber threat actors from non-combatant states are taking advantage of the Israeli-US war on Iran to fulfil their own goals, according to Proofpoint analysts.