Chainguard is racing to fix trust in AI-built software - here's how ...

AI is burying open source maintainers under a flood of automated security reports they don't have the time or tools to ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

GitHub's Octoverse 2025 data shows TypeScript became the most-used language as 80% of new developers adopt Copilot within their first week. TypeScript has dethroned both Python and JavaScript to ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Supply chain attacks feel like they're becoming more and more common.

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Learn how to automate your Git workflow and environment variables into a single, error-proof command that handles the boring ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...