TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...

The security platform Socket has recently discovered an enormous worldwide malware operation that has been dubbed "TrapDoor".

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat actor operations.

While previous assessments categorized AI-assisted cyberattacks as experimental, current data suggests generative AI is now a mature, industrialized component of offensive operations.

Google says hackers have used AI to discover and exploit a previously unknown software vulnerability for the first time.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

On May 11, the same day Google’s Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...