Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...
Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...
A massive, self-replicating GlassWorm supply-chain attack has compromised hundreds of code repositories and extensions on GitHub, npm, and Open VSX.
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants ...
GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...
Audit identifies credential harvesting, C2 callbacks, and data exfiltration patterns across 18.7% of the most popular ...
In our incident analysis, we examined more than 30,000 attacker dumps and tied the exposed secrets to 1,195 organizations worldwide, including banks, government bodies and large technology companies.
Shai-Hulud 2.0 exploited CI/CD pipelines in 2025, exposing shift-left flaws and driving curated catalogs to reduce CVE risk by 99%.
The flaw was discovered by Noma Labs researchers in the Context7 platform operated by Upstash. Context7 is used by developers ...
ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...
A sophisticated malware operation targeting software developers has expanded its reach by exploiting trusted extension ecosystems, with security researchers uncovering dozens of malicious packages ...