According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...
JadePuffer, a ransomware operation, used an AI agent to carry out much of the intrusion chain from reconnaissance, key theft, ...
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your security tools look.
ESET Research has released its H1 2026 Threat Report with statistics from December 2025 through May 2026.ClickFix – a social engineering ...
Ollama, the open-weight AI platform that lets developers run large language models on their own hardware with a single terminal command, closed a $65 million Series B on Thursday — and the most ...
Developed with leading global financial institutions and backed by a growing partner ecosystem, the new Lightwell offerings help enterprises mitigate open source risk without disruptive ...
Cybersecurity firm Novee has identified a GitHub Actions workflow-chain risk that can expose secrets even when checks pass, ...
A newly discovered 732-byte Python exploit poses severe risks to Linux systems globally. Affecting distributions like Ubuntu and Red Hat, this flaw has gone unnoticed since 2017. AI researchers found ...