Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.

If reinstalling software feels repetitive, these tools have some ideas.

A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...

A security update closes a malicious code vulnerability in Docker for macOS. If attackers successfully exploit a security vulnerability in Docker on macOS, they can break out of the sandbox and ...