GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Perplexity Bumblebee is an open-source developer security program. Bumblebee doesn't require AI or a subscription. The ...

A security update closes a malicious code vulnerability in Docker for macOS. If attackers successfully exploit a security ...

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Google says attackers are using AI for zero-day research, malware development, reconnaissance, and access to premium AI tools.

A 6MB editor quietly replacing tools that cost ten times more.

A research team at Mohamed bin Zayed University of Artificial Intelligence published a finding in April 2026 that has gained traction in engineering circles for reasons that go beyond its headline ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

This is a Homebridge plug-in based on the Python-Kasa API Library to interact with TP-Link Kasa/Tapo Devices. This plug-in will automatically discover your TP-Link Kasa/Tapo Devices on your network ...

Visit http://localhost:7777/ to view and play with your ESLint config. Changes to the config file will be updated automatically. Run npx @eslint/config-inspector ...