The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Searchenginejournal.com

Security Researcher: WordPress 7.0 Could Trigger Rush To Steal AI API Keys

Oliver Sild, founder of Patchstack WordPress security company, shared concerns about the security of AI API keys in WordPress 7.0, sharing that there “will be an absolute rush by hackers to steal API ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Bloomberg L.P.

API Library

Supported Releases: These releases have been certified by Bloomberg’s Enterprise Products team for use by Bloomberg customers. Experimental Releases: These releases have not yet been certified for use ...

XBOW tests Anthropic's Mythos Preview for offensive security

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

A China-backed persistent threat actor known as Webworm is targeting governmental organizations across Europe, and it's using unusual command-and-control mechanisms to do so. Security vendor ESET this ...
The Washington Post

National Security

President Donald Trump chose Clayton, the Manhattan U.S. attorney, less than two weeks after he appointed Pulte, who has no intelligence experience. New York’s mayor had planned to meet with leftist ...
PC Magazine

The Best Hardware Security Keys for 2026

Protecting your online accounts is crucial, and a hardware security key is one of your most effective defenses. These are the top security keys we've tested for keeping your information private and ...
PC Magazine

Norton 360 Deluxe Review: Powerful Security on Multiple Platforms

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that ...
Krebs on Security

Category Archives: Latest Warnings

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company’s monthly Patch ...