A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public ...

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Now I can use any operating system I want without losing features.

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...

David Nield is a technology journalist from Manchester in the U.K. who has been writing about gadgets and apps for more than 20 years. He has a bachelor's degree in English Literature from Durham ...

GUEST RESEARCH: Rapid7 has released a whitepaper titled “The Weaponisation of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead ...