Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

Active Microsoft Exchange zero-day leaves organisations exposed By Nicola Mawson, Contributing journalistJohannesburg, 19 May 2026An exploit in on-premises Microsoft Exchange servers has already been ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

The Echo Protocol hack revealed DeFi’s growing operational security crisis after attackers minted $76.7M fake eBTC using a stolen admin key.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

GitHub says a poisoned VS Code extension exposed 3,800 internal repos as Binance founder CZ tells crypto devs to rotate keys.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

A prominent exploit was “DAN,” short for “Do Anything Now,” where users asked ChatGPT to roleplay as a rogue AI that was free ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...