According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ ...
Hackers injected malware into 73 Microsoft GitHub repos on June 5, 2026. The attack targeted AI coding tools like Claude Code and VS Code. Read what happened.
Mozilla researchers revealed a new attack that tricks Claude Code into running hidden commands from seemingly harmless GitHub ...
"If we improve the code and we can all benefit from it, it's good for everyone," says Fenris's Ben Hunter, as he talks ...
An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human ...
Nation-state threat actors and cybercriminals are growing more sophisticated in how they use foundational AI models in their offensive campaigns, reportedly worrying the US government enough to ban ...
OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results