Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.