Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Google prevents first known instance of 2FA cyber attack where hackers used AI-developed zero-day exploit; Know how to stay safe ...

Data is being stolen by a threat actor who is targeting Microsoft 365 and Azure production installations using assaults that ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft package being among the latest target of worm-like malware that steals ...

Microsoft says Storm-2949 targets Microsoft 365 and Azure environments using MFA abuse, password resets, and cloud data theft ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...

Apps from Apple, Google and others can assist in making your online accounts more secure, even as new ways of logging in continue to take off. By J. D. Biersdorfer J.D. Biersdorfer writes about how to ...

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking.

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...