A Rust infostealer called IronWorm hid in 36 npm packages from the Arweave ecosystem. The malware self-replicated and then pushed backdated malicious commits across nine organizations. Developers who ...

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

In one proposed version of the strike, Wikipedia's volunteer editors would make edits only in instances of 'egregiously ...

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a ...

I ditched VS Code for Zed instead of going for Google's Antigravity, and now the editor feels genuinely fast ...

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage over rivals' developer ecosystems.

MATTHEW SHARP is a Senior Fellow at the Center for Nuclear Security Policy at the Massachusetts Institute of Technology. He worked on nuclear issues at the State Department and at ...