CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never ...

Add Decrypt as your preferred source to see more of our stories on Google. The team behind Drift, a Solana-based decentralized exchange, signaled on Friday that it wants to negotiate with hackers ...

Drift Protocol, the Solana-based perpetuals exchange, suffered the apparent drainage of approximately $270 million in assets from its primary vault address on April 1, 2026, according to on-chain data ...