The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

I started this as a side project, but my Windows Command Center suddenly became useful.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

A malicious repository on Hugging Face impersonated OpenAI’s “Privacy Filter” project and briefly reached the platform’s top trending position before removal ...

A 6MB editor quietly replacing tools that cost ten times more.

A new library is opening up in New York City this Friday, but rather than books, the space will house 3,437 volumes and roughly 3.5 million pages of the Epstein Files. The Donald J. Trump and Jeffrey ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...