Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...

Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate ...

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

A newly discovered Adobe Reader zero-day vulnerability allows malicious PDF files to steal local data and potentially lead to ...

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Google has rolled out a new update for its Chrome browser, fixing several serious security issues. The latest version, Chrome ...

In a recent social media post, baseball broadcaster and reporter Dani Wexelman shared a photo of her interviewing Matthew ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...