Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
IBM and Red Hat launched Project Lightwell with $5 billion to patch open-source vulnerabilities faster than AI can discover ...
The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced Akrites, a ...
Part of the SD Times 100 2026 series. Application security has spent years maturing around a relatively stable assumption: a human ...
Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Organizations are governing identity policy while operating without visibility into the authority pathways those policies create.
The Java Community Process formally launches development of Java SE 28, with Project Valhalla once again positioned as the release's most closely watched feature.
Brussels presented the European Technological Sovereignty Package, which covers key growth and strategic areas such as semiconductors, artificial intelligence (AI), cloud technologies and open source.
Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...