According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
A recent report from cloud security firm Sysdig details the capabilities of JadePuffer, which it says is the first ransomware ...
Adobe’s rapid web-application development platform, Adobe ColdFusion, received a patch earlier this month that fixes several exploits, including CVE-2026-48282. However, users need to ensure they ...
The Armored Likho APT is targeting government and electric power organizations with modular RATs and information stealers.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
OpenAI launches Patch the Planet to help open-source maintainers find, validate and fix software bugs with AI and human ...
With a security initiative, OpenAI competes with Anthropic's Mythos and also offers a security review service for open-source projects.
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
Hackers injected malware into 73 Microsoft GitHub repos on June 5, 2026. The attack targeted AI coding tools like Claude Code and VS Code. Read what happened.
CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus adversaries are escalating espionage against technology organizations to ...
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...