Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...
Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on ...
Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants ...
Shai-Hulud 2.0 exploited CI/CD pipelines in 2025, exposing shift-left flaws and driving curated catalogs to reduce CVE risk by 99%.
GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...
Audit identifies credential harvesting, C2 callbacks, and data exfiltration patterns across 18.7% of the most popular ...
ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...
Arabian Post on MSN
Pyronut malware targets Telegram bot developers
A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...
A sophisticated malware operation targeting software developers has expanded its reach by exploiting trusted extension ecosystems, with security researchers uncovering dozens of malicious packages ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...