CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub ...

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents ...

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...

Sometime in early 2025, a security researcher flagged a configuration file that could do something it was never supposed to: ...

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Google prevents first known instance of 2FA cyber attack where hackers used AI-developed zero-day exploit; Know how to stay ...

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...