Scanned 1.3M npm packages + top GitHub repos: Dify, LobeChat, Umami are affected and maybe exploited
A new wave of ClickFix attacks spreading a macOS infostealer is posting malicious user guides on the official ChatGPT website by piggybacking on the chatbot's chat-sharing feature.
Shai-Hulud second attack analysis: Over 300 npm Packages and 21K GitHub Repos infected via Fake Bun Runtime Within Hours
HelixGuard has released analysis on a new campaign found in the Python Package Index (PyPI).
The actors published packages spellcheckers which contain a heavily obfuscated, multi-layer encrypted backdoor to steal crypto wallets.
Analysis of the Milvus Proxy Authentication Bypass Vulnerability (CVE-2025-64513)
HelixGuard found a dozen malicious extensions in the VSCode marketplace targeting developers.