News about security failures, exploits and vulnerabilities in systems
In recent weeks, a text-message scam with a variation that deserves special attention has resurfaced: the scammers are sending out alleged "Non-compliance Notifications" that appe…
Recently, security researchers discovered a campaign that introduced malicious packages into the npm record posing as supplements to Strapi, the popular CMS of Node.js. The trap w…
This week the development community of Node.js had to fit in an uncomfortable reminder: the supply chains of the software are as fragile as the people who maintain them. Popular H…
A few years ago the technique known as "device code phishing" was something that was studied in conferences and described in technical papers; today it is already a common tool in…
In the last few days, the alarm about tracking techniques that we had so far associated more with advertising companies or malicious entities than with professional networks has b…
Since mid-2025 there has been a return of a sustained campaign against diplomatic missions and European government agencies attributed to an actor in line with China known as TA41…
In Linux servers hosting PHP applications, a disturbing practice is emerging: attackers are using HTTP cookies as a control channel to activate web shells and run remote code. Ins…
In February 2026, a ransomware attack left the University of Mississippi Medical Center (UMMC) without access to its Epic electronic medical history system in 35 clinics and more …
The development community recently woke up with news that one of the most used libraries in the JavaScript ecosystem was manipulated in the supply chain. The main maintainer of th…
