Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Audit identifies credential harvesting, C2 callbacks, and data exfiltration patterns across 18.7% of the most popular ...

Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

In our incident analysis, we examined more than 30,000 attacker dumps and tied the exposed secrets to 1,195 organizations worldwide, including banks, government bodies and large technology companies.

Shai-Hulud 2.0 exploited CI/CD pipelines in 2025, exposing shift-left flaws and driving curated catalogs to reduce CVE risk by 99%.

The flaw was discovered by Noma Labs researchers in the Context7 platform operated by Upstash. Context7 is used by developers ...

ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...

A sophisticated malware operation targeting software developers has expanded its reach by exploiting trusted extension ecosystems, with security researchers uncovering dozens of malicious packages ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...