The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

Build 2026 runs from June 2-3 in San Francisco. Here's what Microsoft is expected to announce for GitHub Copilot, Azure AI ...

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...

The recent disclosure by Google’s Threat Intelligence Group that hackers are now using artificial intelligence to develop ...

Massive regional C2 footprint More than 1.3K C2 Servers Discovered in the Middle East Hunt.io said it identified more than ...

The Glassworm botnet is no more, thanks to coordinated efforts between CrowdStrike, Google, and the Shadowserver Foundation.

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

TeamPCP is an increasingly notorious group of cybercriminals that carry out software supply chain attacks, where hundreds of ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.