Microsoft, Huntress, and Intego this month detailed attacks that show the ongoing evolution of the highly popular compromise technique.

The ActiveState catalog grew to 40 million components in mid 2025 when it introduced coverage for Java and R in addition to Python, Perl, Ruby, and Tcl. As of January 2026, the company has expanded ...

After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.

Despite rapid generation of functional code, LLMs are introducing critical, compounding security flaws, posing serious risks for developers.

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question.

Practical DevSecOps launches the Certified Security Champion course to help orgs bridge the talent gap by upskilling ...

Codex can exploit vulnerable crypto smart contracts 72% of the time, raising urgent questions about AI-powered cyber offense and defense.

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

Outlook add-in phishing, Chrome and Apple zero-days, BeyondTrust RCE, cloud botnets, AI-driven threats, ransomware activity, and critical CVEs.

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...