This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

The smartest way to use AI may not be letting it interact with your files, but asking it to write software that handles them safely.

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Macworld explains how to use your iPhone’s built-in Notes and Files apps to scan documents and save them as PDFs. These scanning tools matter for digitizing important papers, creating portable ...

SVG phishing email attacks are bypassing enterprise email security gateways by hiding JavaScript inside image files and ...

Before we start with the Scan App, the scanner’s OEM may have its own scanner software, which can assist you with scanning documents. I would suggest you have a look at it as well as it can offer some ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Scanners of various flavors still exist, of course, but there's a lot less need for the average person to own one. Your recent-ish photographs are all going to be digital, and it's rare that most ...

Editor’s Note, May 18, 2026: In our latest update, Contributor Brandon Russell has added two new recommendations: The ClearClick QuickConvert 2.0 is our favorite portable scanner; and the Plustek ...

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...