SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...

Learn how Claude Code's new workflow feature reduces token tax, improves reliability, and automates complex developer tasks efficiently.

Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

All products featured here are independently selected by our editors and writers. If you buy something through links on our site, Mashable may earn an affiliate commission.