Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to ...

Amit Navindgi discusses the systematic shift at Zoox from fragmented documentation to an AI-driven ecosystem. He explains how ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

Experimental - This project is still in development, and not ready for the prime time. A minimal, secure Python interpreter written in Rust for use by AI. Monty avoids the cost, latency, complexity ...

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based ...