Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

Quick question: how did you learn to code? It probably wasn’t bribing someone a year or two ahead of you in CS to finish all ...

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...