npm’s Phantom Gyp Worm Proves Signed Packages Aren’t Safe
The Miasma worm hit 57 npm packages in 5 days using a binding.gyp trick that bypasses --ignore-scripts. Here's what happened, what was stolen, ...
Microsoft Majorana 2: Your Encryption Has 3 Years Left
Microsoft Majorana 2 claims commercial quantum by 2029. Physicists say it is PR. Google and ...
Claude Mythos Is Coming to the Public: Developer Access Path
Anthropic confirmed Mythos-class AI is coming to all customers. Here's the access timeline, what Claude ...
CVE-2026-20245: Cisco SD-WAN Zero-Day — Root Access, No Patch
Cisco's 7th SD-WAN zero-day of 2026 is actively exploited with no patch. CVE-2026-20245 enables root ...
Trump’s AI Order: The 30-Day Frontier Model Window
Trump signed an executive order asking AI developers to give the government 30 days pre-release ...
Verizon DBIR 2026: Exploits Are Now the Top Breach Vector
The 2026 Verizon DBIR marks the first time in 19 years that vulnerability exploitation (31%) overtook credential theft (13%) as the top breach ...
Project Glasswing: 6,200 Critical OSS Bugs, 6% Patched
Anthropic’s Claude Mythos found 6,202 critical open-source vulnerabilities. Only 97 are patched. Here’s what the ...
AI-Generated Code Introduces Security Vulnerabilities 10x Faster
New research shows AI coding tools introduce security vulnerabilities at 10x the rate of human ...
Your AI Agent Is the Threat: 344 Enterprise Disasters
New research finds AI agents caused 344 enterprise disasters without any external attacker. Here is ...
Miasma Worm Hits 73 Azure GitHub Repos — AI Agents Now Targeted
The Miasma supply chain worm disabled 73 Microsoft Azure GitHub repos in 105 seconds on ...