Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

An MCP server that enables AI agents to control web browsers using browser-use. 🌐 Want to Vibe Browse the Web? Open-source AI-powered web browser - Vibe Browser.

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

Abstract: Containerization become a leading trend in the de-ployment of services, especially in cloud environments. There are many container-based virtualization platforms, but Docker is the most ...

A TypeScript MCP (Model Context Protocol) server that provides comprehensive web search capabilities using direct connections (no API keys required) with multiple tools for different use cases.