Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Introduction: In February 2022, BlackBasta emerged as a successor to Conti ransomware and quickly rose to prominence. BlackBasta was operational for three years until February 2025 when their internal ...
This week in cybersecurity: 338 new CVEs published including 11 critical severity. 9 vulnerabilities added to CISA KEV catalog. Plus major developments in AI security, supply chain attacks, and ...
After years of watching ChatGPT and Gemini hog the limelight, Apple is reportedly shipping a standalone Siri app, codenamed ...
Learn what Microsoft Copilot is, how it works, pricing, features, and whether it’s worth it in 2026 across Windows, Edge, and ...
Bifrost stands out as the leading MCP gateway in 2026, pairing native Model Context Protocol support with Code Mode to cut ...
Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.
I’ve used plenty, but this one rewired my daily workflow.
An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions of the widely used JavaScript HTTP client library.
DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.