The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

The exploit code was almost too neat. When Google’s Threat Intelligence Group flagged a previously unknown software ...

As adoption of MCP servers accelerates into the tens of thousands, developers and platform teams are increasingly responsible ...

May 4, 2026: Surprise! Kaiju Unleashed - the new name for Project Universe - is back a little early. Given it's in testing, though, we don't have any new Kaiju Unleashes codes for the Final wars ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

Artificial intelligence tools are making it faster than ever to reproduce creative work. Does copyright even matter anymore? By Meaghan Tobin Reporting from Taipei, Taiwan Sigrid Jin was waiting to ...

Summary: Lovable, the $6.6 billion vibe coding platform with eight million users, has faced three documented security incidents exposing source code, database credentials, and thousands of user ...