News

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...
WeLiveSecurity2d
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to ...
Hacker targets other hackers and gamers with backdoored GitHub code
A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub ...
Free tax filing tool Direct File is getting the open source treatment
The IRS launched Direct File in 2024, offering US citizens a free, user-friendly online platform for filing federal income ...
CSO Online8d
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting ...
The Hacker News10d
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
Mimo exploits CVE-2025-32432 in Craft CMS days after disclosure, deploying cryptominer and proxyware for monetization.
Deepseek Engineer V2 : Say Goodbye to Bloated Software, Free Precision AI Coding
Deepseek Engineer V2 a new AI coding assistant offering real-time reasoning, adaptability, unmatched precision and efficiency ...
Security Boulevard15d
Malicious attack method on hosted ML models now targets PyPI
Artificial intelligence (AI) and machine learning (ML) are now inextricably linked to the software supply chain. ML models, ...
Pen Test Partners9d
How to load unsigned or fake-signed apps on iOS
On your iOS device, go to Settings -> General -> Profiles & Device Management. Tap “Trust [Your Apple ID],” then tap “Trust” again to confirm. Once your target app is on the device, open AltStore and ...
PCMag UK16d
What Is a Computer Virus, Really?
You’ve heard the term, but what does it actually mean? Learn from our expert how these self-replicating programs sneak in, ...
The Hacker News4d
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and ...