A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

Spread the loveIn a chilling reminder of the vulnerabilities inherent in open source software, two significant supply chain attacks occurred in March 2026, targeting widely used tools that affect a ...

Adobe released emergency patches for CVE-2026-34621, a critical Acrobat and Reader zero-day that has been exploited in the wild.

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over ...

Claude Mythos autonomously found zero-days in OpenBSD, FFmpeg, FreeBSD and major browsers that survived decades of expert ...

Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware ...

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Phishing surge, LinkedIn tracking claims, spyware use, and rising stealers expose growing abuse of trusted systems.

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.