A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Bleeping Computer

CISA flags two-year-old Oracle flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched ...
SecurityWeek

Oracle WebLogic Vulnerability Exploited in the Wild

CISA is warning organizations that an Oracle WebLogic vulnerability patched nearly two years ago is being exploited in the ...
CSO Online

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to ...
Forbes

Warning Issued As Fake Claude Code Installer Attacks Confirmed

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Security researchers have uncovered a previously undocumented attack campaign targeting ...
CSO Online

Attack targeting OpenAI Codex users exposes AI software supply chain risks

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...
CoinTelegraph

Kelp DAO exploit prompts DeFi protocols to rethink oracle providers

Solv Protocol and other DeFi projects are migrating to Chainlink infrastructure after the $293 million exploit exposed risks in third-party bridge and oracle setups. Decentralized finance protocols ...
The New York Times

What to Know About the Stabbing Attack Against 2 Jewish Men in London

The British police said the attack on Wednesday was being treated as terrorism, and they warned of rising antisemitic hate crimes. By Megan Specia Reporting from London A knife attack against two ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Cybersecurity vendor Trellix published a terse statement last Friday, disclosing that a threat actor recently gained unauthorized access to "a portion of our source code repository." Trellix did not ...
Bleeping Computer

Ivanti warns of new EPMM flaw exploited in zero-day attacks

Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) ...
The New York Times

Attacks on Jewish Targets in Europe Suggest Hybrid Warfare

Officials are investigating similar attacks across Europe, all claimed by a shadowy Islamist group that may be using low-cost, unsophisticated methods to sow fear in Jewish communities. By Megan ...
VentureBeat

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code ...