Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 ...

The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software ...

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native ...

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the ...

Key cyber updates on ransomware, cloud intrusions, phishing, botnets, supply-chain risks, and nation-state threat activity.

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...

Android users face a new malware threat spreading via fake security apps, stealing banking data and messages through trusted ...

Within days of Microsoft patching a critical Office zero-day, the Russia-linked group “APT28” was already exploiting the flaw in a live campaign tracked as Operation Neusploit.

Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto ...

Notepad++ released version 8.8.9 in December, which checks digital signatures and certificates before installing any updates.

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is ...