Mark-of-the-web and pinning installers to sites

Autocrypt v2 - Post-Quantum and Reliable Deletion

Anonymous GitHub account mass-dropping undisclosed 0-days

1-Click GitHub Token Stealing via a VSCode Bug

Arbitrary code execution in objdump -g

The Quiet Numbers Station: Decoding Nineteen Years of GPS Cryptography

Over 900 Arch Linux Packages Infected with infostealers and rootkits

Apple iPhone 18 Details Leaked In Tata Data Breach

Making Rust supply chain attacks harder with Cackle (2023)

Honda Civics and the Evil Valet

A Human in Control

The Future of the Con Is Here, It's Just Not Evenly Distributed

pomerium: Pomerium is an identity and context-aware access proxy

Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307

Full Disclosure: 1-Click GitHub Token Stealing via a VSCode Bug

Security Baked Into the JVM: why fork Apache River and OpenJDK?

Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm

Codex Discovered a Hidden HTTP/2 Bomb

Senior Game Security Engineer (Includes Linux Anti-Cheat)

Config Files That Run Code: Supply Chain Security Blindspot

Arch Linux Now Believes Malware Incident Under Control: More Than 1,500 Packages

Microsoft Working To Patch 'RoguePlanet' Zero-Day

Microsoft Discovers Cryptocurrency Stealer That Spreads Through USB Drives and Uses Tor

Integrity on Embedded Linux Devices under the Cyber Resilience Act

New Unpatchable Exploit Targets Apple Devices With A12 and A13 Chips

AI Worm

Vulnerability reports are not special anymore

Unprivileged root via a use-after-free in DRM GEM change_handle (CVE-2026-46215)

New IronWorm malware hits 36 packages in NPM supply-chain attack

yay v13 and the AURpocalypse
