Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.

More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been ...

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

A comprehensive SAML development guide for engineering leaders. Learn about assertions, metadata, and securing single sign-on for enterprise CIAM.

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native ...

Researchers discover that PureRAT’s code now contains emojis – indicating it has been written by AI based-on comments ripped from social media.

Learn how to debug and fix invalid security token errors in Enterprise SSO, SAML, and CIAM systems. Practical tips for CTOs and VPs of Engineering.

Attackers breached eScan antivirus update infrastructure to push malicious updates, deploying persistent malware on ...

Learn about the filters you’ll use most often and how they work.

Two VSCode extensions are harvesting sensitive data and sending it to China.

Some attachments in Epstein emails can be recovered unredacted, because base64-encoded email attachment data was included in the DOJ releases.

According to Huntress, the intrusions stem from the many recently disclosed vulnerabilities – some critical – affecting SolarWinds Web Help Desk.