The ActiveState catalog grew to 40 million components in mid 2025 when it introduced coverage for Java and R in addition to Python, Perl, Ruby, and Tcl. As of January 2026, the company has expanded ...
Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...
NPM, the Node Package Manager, hosts millions of packages and serves billions of downloads annually. It has served well over the years but has its shortcomings, including with TypeScript build ...
Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...
Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.
Google and iVerify have shared details about Coruna, an exploit kit that chains multiple vulnerabilities to target iPhones ...
A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...
Chinese open models are spreading fast, from Hugging Face to Silicon Valley. Here’s why that matters. MIT Technology Review’s What’s Next series looks across industries, trends, and technologies to ...
A weakness in the configuration of OAuth credentials opens up a stored XSS vulnerability in the n8n automation platform, ...