Sometime in early 2026, a software developer did what millions of programmers do every week: updated a dependency. The ...

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Here’s how to install Python like a boss. 4 keys to writing modern Python Here’s what you need to know (and do) if you want to write Python like it’s 2025, not 2005. How to use uv, the super-fast ...

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential orchestration layer for the AI-first cloud.

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Sigrid Jin woke up at 4 a.m. on Tuesday. His phone was "blowing up" with the Claude Code leak. The ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

Spotify’s most senior engineers don’t type code anymore. In fact, they have not written a single line of code since December, co-CEO Gustav Söderström revealed during a recent earnings call. It’s not ...

Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. is a senior correspondent and author of ...