Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

A vulnerability in Qualcomm’s Android Bootloader implementation allows unsigned code to run via the “efisp” partition on Android 16 devices. This is paired with a “fastboot” command oversight to ...

Cloud attacks are getting faster and deadlier - here's your best defense plan ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

The official website for the Solana memecoin launchpad, Bonk Fun, has been hijacked. A malicious actor seized control of the domain on Wednesday (March 11), deploying a wallet drainer disguised as a ...

A convicted child predator who admitted he is still sexually attracted to young girls pleaded not guilty Monday to a new child sex abuse charge — as California Republicans escalate pressure on Gov.

Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to ...

Add Decrypt as your preferred source to see more of our stories on Google. Ledger researchers say a flaw in certain MediaTek-powered Android phones could expose encrypted user data in about 45 seconds ...

Carl Schurz Park and several surrounding streets were closed and evacuated in Manhattan midday Tuesday in what turned out to be “an instance of everyday New Yorkers following a clear message: If you ...