Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...

Phone users in South Africa have become potentially lucrative targets to cybercriminals using a new attack called “DarkSword.” ...

Unidentified threat actors have successfully compromised the GitHub repository for “all-in-one” security scanner Trivy, pushing a malicious update to downstream users that can deploy an infostealer.

Google Threat Intelligence has identified a new form of crypto-stealing malware called “Ghostblade” that affects Apple iOS devices and is part of the “DarkSword” suite of browser-based malware tools ...

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the open-source movement—multi-channel support and long-term memory ...

The Google Threat Intelligence Group has posted a report about malware that uses six different security vulnerabilities to attack an iPhone. According to the report, a toolkit called DarkSword has ...

The Office Scripts action recorder can generate code snippets for Excel changes, but some actions still require manual ...

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

Researchers from Google LLC and two cybersecurity companies have identified a set of zero-day exploits in iOS 18. Google’s GTIG threat intelligence team, Lookout Inc. and iVerify Inc. published their ...

The DarkSword iOS exploit chain was used by the Russian APT behind the Coruna exploit in attacks targeting Ukraine.

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.