Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...

Four real SAP npm packages were hacked. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers. These packages had more than 500,000 downloads a week. Four ...

The Rust-built Zed editor has reached version 1.0, released yesterday, with development led by former members of the Atom team at GitHub. Nathan Sobo, CEO and co-founder of Zed Industries, said that ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...

Sophisticated cyberattacks targeting a variety of open source projects, including the Trivy security-scanner project, the widely used Axios Javascript package, and now Anthropic's accidental ...

I couldn't find any action that did comparisons between branches in a pull request (without committing back to the repository). Plus I like the idea of this being written in typescript which compiles ...

Anthropic on March 24 launched three features that expand its AI agents’ autonomy and reach: auto mode for Claude Code adds an AI safety classifier that approves routine developer actions, computer ...