Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Azure Linux 4.0 expands Microsoft’s Linux strategy for secure AI and server workloads. Azure Container Linux offers hardened, lightweight infrastructure for Azure containers and regulated enterprises.

The rise of AI services, rapid software updates and unseen third-party data flows is exposing the limits of annual vendor reviews and static security attestations.

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of the PyTorch Lightning package from PyPI triggered a hidden credential ...

On Wednesday, a survey of 700 software engineering leaders across five countries found that AI coding tools have transformed ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...