The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack ...

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

OpenAI has confirmed the security breach. According to the company, two employee devices were compromised during a large-scale software supply chain attack connected to the TanStack npm ecosystem.

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

Sure, AI agents such as Mythos can find security vulnerabilities in software, but the bigger question is whether they can ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

Microsoft warned Exchange Server customers about critical OWA vulnerability CVE-2026-42897 affecting on-premises deployments.

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.