The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
InfoQ

OpenAI Extends the Responses API to Serve as a Foundation for Autonomous Agents

OpenAI announced they are extending the Responses API to make it easier for developer to build agentic workflows, adding ...

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

New AI-powered scanner -- who-touched-my-packages -- detects zero-day malicious packages and credential exfiltration in seconds BOSTON, March 26, 2026 /PRNewswire/ -- Point Wild, a leading global ...
Infosecurity Magazine

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a ...

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...

ProjectDiscovery Launches Neo, an Advanced Security Testing Platform That Finds and Proves Real Vulnerabilities

ProjectDiscovery, winner of the 2025 RSAC Innovation Sandbox, today announced the commercial launch of Neo, an advanced security testing platform that autonomously performs end-to-end penetration ...

Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure

Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as ...

Waratek Redefines Secure Development with Launch of Waratek IAST at JavaOne 2026

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...

Pervaziv AI Launches Cortex 3.0 in Chrome, Edge and Firefox – World’s First Cross-Browser/IDE AI Coding & Security Agent

Cortex 3.0 delivers AI-powered code generation, vulnerability scanning, Enterprise AI & DevSecOps integrations, ...