A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures. As AI coding assistants accelerate software ...

AI found 21 FFmpeg zero-days, some 20 years old; Chrome 149 patched 429 bugs, including 100+ critical/high flaws.

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...

Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it ...

Vulnerabilities & Threats Insider Threats Vulnerabilities & Threats ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed A major bug in Oracle's ERP software disproportionately affected American ...

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, ...

EU's cloud sovereignty push leaves room for US hyperscalers The Cloud and AI Development Act signals a regulatory direction for the EU as it aims to reduce dependency on US cloud providers. But Europe ...

The CERT Division is a leader in cybersecurity. We partner with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks. We study ...

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...