According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ ...
"If we improve the code and we can all benefit from it, it's good for everyone," says Fenris's Ben Hunter, as he talks ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
Ollama, the open-weight AI platform that lets developers run large language models on their own hardware with a single terminal command, closed a $65 million Series B on Thursday — and the most ...
Developed with leading global financial institutions and backed by a growing partner ecosystem, the new Lightwell offerings help enterprises mitigate open source risk without disruptive ...
Cybersecurity firm Novee has identified a GitHub Actions workflow-chain risk that can expose secrets even when checks pass, ...
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results