Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

Repeated prompts to enter your Git username and password are a frustrating annoyance developers can live without. Unfortunately, if your Git installation has not been configured to use a credential ...

Sometime in early 2025, a security researcher flagged a configuration file that could do something it was never supposed to: ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Oracle powers some of the most critical workloads in the enterprise. It’s also one of the places where static, long-lived database passwords still hide in plain sight – hardcoded in config files, ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

PCWorld reports that Microsoft is restoring the missing ‘Refresh’ and ‘Print’ options to Windows 11 File Explorer’s right-click context menu after user complaints. These essential features are ...