Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
Security Boulevard

Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse

Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
ITWeb

ANALYSIS: Big Tech sets AI to catch AI

AI companies are holding back models that could be used in cyber attacks, instead deploying them to build defence systems.
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Infosecurity Magazine

Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...
SecurityWeek

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities

CISA has added eight more vulnerabilities to the KEV catalog, including Cisco, Kentico, and Zimbra flaws not previously ...
The Caledonian-Record

ESET Research: New NGate hides in NFC payment app, possibly built with AI

ESET researchers discovered a new NGate malware variant abusing the legitimate Android HandyPay application.To trojanize HandyPay, threat actors most likely used GenAI.The campaign has been ongoing si ...

Claude Opus wrote a Chrome exploit for $2,283

In a blog post on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full ...