Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for Claude Code and Codex that can create any shortcut for Apple’s Shortcuts app ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...

If you’ve downloaded the Cemu Wii U emulator for Linux from the project’s official GitHub in the past few weeks, bad news: it added malware to your system when you ran it. An announcement made by the ...

The APT campaign involved disguising malicious files as documents related to tax violations. Upon infection, the attackers ...