News
Node.js Patches Multiple Vulnerabilities That Enable DoS Attacks and Process Crashes
4+ hour, 36+ min ago (353+ words) The Node.js project released a critical security update on March 24, 2026, for the Long-Term Support (LTS) branch, designating version 20.20.2 "Iron" as a security release. The update resolves seven tracked vulnerabilities spanning TLS error handling, HTTP/2 flow control, cryptographic timing leaks,…...
SmartApeSG ClickFix Campaign Delivers Remcos, NetSupport RAT, StealC and Sectop RAT
4+ hour, 30+ min ago (579+ words) A threat campaign known as SmartApeSG, also tracked under the names ZPHP and HANEYMANEY, has been observed pushing multiple strains of malware through a social engineering technique called ClickFix. The campaign, active as recently as March 24, 2026, delivered four separate malware…...
AI-Assisted ‘OpenClaw Trap’ Campaign Uses Trojanized GitHub Repos to Target Developers and Gamers
5+ hour, 59+ min ago (699+ words) A newly discovered malware campaign has been quietly spreading through fake GitHub repositories, targeting software developers, gamers, Roblox players, and crypto users at the same time. Tracked internally as TroyDen's Lure Factory, the campaign deploys a custom LuaJIT trojan carefully…...
New Research Maps How Infostealer Infections Turn Into Dark Web Exposure in 48 Hours
5+ hour, 20+ min ago (681+ words) The digital threat landscape has reached a point where a single careless download by one employee can hand criminal groups direct access to an entire corporate network in under two days. New research published by Whiteintel's Intelligence Division on March…...
Google News
9+ hour, 1+ min ago (12+ words) Multiple TP-Link Vulnerabilities Allow Attackers to Execute Arbitrary Commands on System - CyberSecurityNews...
Five Malicious npm Packages Target Crypto Developers, Exfiltrate Wallet Keys via Telegram
9+ hour, 9+ min ago (520+ words) The cryptocurrency development community is facing a serious supply chain threat after five malicious npm packages were discovered stealing private wallet keys and forwarding them directly to a Telegram bot. Published under the npm account "galedonovan," these packages were crafted…...
Hackers Exploiting Magento to Execute Remote Code and Gain Complete Account Access
8+ hour, 37+ min ago (383+ words) A critical unrestricted file upload vulnerability, dubbed "PolyShell," is actively being exploited in Magento and Adobe Commerce stores. Discovered by the Sansec Forensics Team, this flaw allows unauthenticated attackers to execute remote code (RCE) and completely take over accounts. With…...
ClawHub Vulnerability Let Attackers Manipulate Rankings to Become the #1 Skill
10+ hour, 46+ min ago (542+ words) A security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings....
Google Authenticator’s Hidden Passkey Architecture Could Open New Passwordless Attack Paths
10+ hour, 58+ min ago (699+ words) Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination…...
LiteLLM PyPI Package With 95 Million Downloads Compromised by TeamPCP Hackers
12+ hour, 47+ min ago (346+ words) A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a sophisticated backdoor by…...