Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Last week, something alarming happened in the world of software — and almost nobody outside the tech industry noticed. A ...

The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Chinese robotics star Unitree opened preorders for its sport-ready R1 humanoid on Alibaba's AliExpress this week, hitting ...

Anthropic just built an AI model so dangerous it had to cancel the public launch. During pre-deployment testing, the company’s newest frontier model, Claude Mythos Preview, proved so adept at hunting ...

This important paper substantially advances our understanding of how Molidustat may work, beyond its canonical role, by identifying its therapeutic targets in cancer. This study presents a compelling ...

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

Anthropic announced this week that its new model found security flaws in "every major operating system and web browser." Even ...