A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects ...

GitLab 19.0 extends agentic AI across the full development lifecycle with SBOM dependency scanning, Claude Opus 4.7 support, and credit-based agent pricing.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Hadrian open-sources its methodology for turning commodity Large Language Models (LLMs) into reliable code review tooling ...

Azure Linux 4.0 expands Microsoft’s Linux strategy for secure AI and server workloads. Azure Container Linux offers hardened, lightweight infrastructure for Azure containers and regulated enterprises.

Composer 2.5 brings stronger long running coding performance to Cursor, with targeted RL, Kimi K2.5 foundations, new pricing, ...

Google followed its Cloud Next '26 Gemini Enterprise Agent Platform rollout and its Antigravity CLI transition with a broader I/O 2026 agent-development stack spanning Agent Studio, Managed Agents API ...

Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...