A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

The hacker group TeamPCP uploaded two malicious versions of the popular Python library LiteLLM to PyPI. Using a previously compromised version of the vulnerability scanner Trivy, the attackers stole ...

I made my own Google TV remote with an ESP32, and it's better than the actual remote.

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...