CERT-In flags multiple vulnerabilities in Google Chrome that could allow remote code execution and data theft, urging users to update the browser immediately.

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.

Catch up with this week's Microsoft stories in the latest recap. Patch Tuesday updates, bugs, Start menu reworks, Recall ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Amazon has launched a new Fire TV Stick HD. It's moving to a new operating system called Vega OS instead of the long running ...

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

PHP development is increasingly taking place outside the cloud. PHP 8.3 is mostly used. Windows is experiencing a comeback ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

Umami 3.1.0 brings configurable dashboards, session replays, and Core Web Vitals tracking for privacy-friendly web analysis.