Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.

Model context protocol, popularly known as MCP, is the next big thing in this AI era. At a high level, the MCP servers allow you to connect your AI chatbot to any apps or services and provide more ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies into hiring North Koreans.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Kronos is the first open-source foundation model for financial candlesticks (K-lines), trained on data from over 45 global exchanges. Kronos is a family of decoder-only foundation models, pre-trained ...