June 19, 2026 update: Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector. The ...
Researchers at Cyera found six vulnerabilities in protobuf.js, including a flaw that can turn attacker-controlled schema data into executable code and expose downstream software supply chains. A ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC , travels in Python proof-of-concept (PoC) ...
There was an error while loading. Please reload this page.
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack ...
Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...