GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Perplexity Bumblebee is an open-source developer security program. Bumblebee doesn't require AI or a subscription. The ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...

An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man's switch that nukes your system.

Thousands of software development teams whose CI/CD pipelines depended on LocalStack’s free community edition lost access to no-cost, no-account AWS emulation on March 23, 2026, when the company ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

A 6MB editor quietly replacing tools that cost ten times more.

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim ...

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...