Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS ...
Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
CI/CD pipelines are optimized for code deployments. Long-running operational processes and self-service workflows can be orchestrated more flexibly with Kestra.
GitHub has introduced the GitHub Copilot app, a desktop control centre for agent-native development that aims to keep engineers in charge while AI agents handle more coding work. Mario Rodriguez ...
A variant of the infamous Shai-Hulud worm wreaked havoc on Microsoft's code repositories, triggering disruptions to CI/CD workflows and heightening concerns about increasing software supply chain ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
An audience member seated near a Microsoft logo listens as Microsoft Chairman and Chief Executive Officer Satya Nadella speaks during the Microsoft Build conference opening keynote in Seattle, ...
The GitHub hack shows how one poisoned VS Code extension gave attackers access to 3,800 internal repositories. If you rely on third-party developer tools, this breach is a warning to audit your ...
Checkmarx, a security company offering tools for developers, has been compromised for a second time in a month. The hackers injected credential-stealing malware into popular free software, including ...
A threat actor pushed two malware-laced versions of LiteLLM to a central repository where Python developers fetch open-source packages. The packages were downloaded 47,000 times in 46 minutes before ...
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The TeamPCP hacking group has expanded its open source software campaign from ...