The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Two teenage boys have been given probation after using artificial intelligence to create hundreds of fake nude photos of ...

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...

A new paper in Genome Biology and Evolution, indicates that while the COVID-19 virus has developed rapidly since 2019, it has done so within limited genetic channels. These genetic limits have ...

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.

OpenAI is shutting down its social media app Sora, which went viral last fall as a place to share short-form videos generated ...

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker ...

Though the underlying Sora 2 video- and audio-generation model is scarily impressive, there was not sustained interest in an ...

A team of UC Santa Cruz students and an alumnus earned third place at the 2026 Mistral AI Worldwide Hackathon in San ...

Sora hasn't even been around a year. But OpenAI is ready to move on and use its compute power for more lucrative products.