OpenAI Confirms Breach After TanStack npm Supply Chain Attack Hit Two Employee Devices
The TanStack npm supply chain attack reached OpenAI's internal repositories. Here is the full picture of what actually happened.
A newly disclosed NGINX vulnerability lay dormant in the codebase for 18 years before an AI system pulled it into daylight.
The SailPoint GitHub breach exposes how supply chain security and identity infrastructure remain the softest targets in enterprise defense.
A new macOS malware campaign exploits Google Ads and Claude.ai shared chat features to distribute malicious software through fake AI applications.
Cybersecurity researchers have discovered the PamDOORa Linux backdoor being sold on Russian cybercrime forums for $1,600.
A newly disclosed Dirty Frag Linux vulnerability allows attackers to gain root privileges by chaining two separate kernel flaws together.
A Vimeo data breach discovered in April 2026 exposed 119,000 unique email addresses through a supply chain security incident.
The Instructure data breach exposed Canvas user information after ShinyHunters claimed responsibility for the second incident in eight months.
Cybersecurity company Trellix disclosed a source code breach in which hackers gained unauthorized access to portions of its code repository.
A Linux kernel zero-day tracked as CVE-2026-31431 gives any unprivileged local user full root access on every major Linux distribution shipped since 2017.
A new Vect 2.0 ransomware operation is permanently destroying enterprise files across Windows, Linux, and VMware ESXi, and paying the ransom does nothing.
A critical GitHub RCE vulnerability, CVE-2026-3854, allowed any authenticated user to compromise GitHub's backend infrastructure with a single git push command.
The Vidar infostealer just became the dominant credential thief on the dark web, and security teams have less than 48 hours to react.