Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

The Claude Code leak exposes critical risks in AI coding tools—from data exfiltration to supply chain attacks. What CISOs ...

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Stay ahead of the logs with our Monday Recap. We break down active Adobe 0-days, North Korean crypto stings, and critical CVEs you need to patch today ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Adobe patches CVE-2026-34621 after active exploitation since Dec 2025, preventing remote code execution via malicious PDFs.