Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE ...

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware.

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

Cloud platform provider Vercel said an attacker breached its systems and stole customer data after compromising a third-party ...

According to Cisco Talos, it's these URL-exposed webhooks – which make use of the same *.app.n8n [.]cloud subdomain – that ...

In a blog post on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full ...