Foundation celebrates five additional members, new cyber reasoning sandbox project, and release of v1.0.0 Python Secure ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

As more entities adopt Web3, companies are actively searching for Rust developers to build blockchain infrastructure, smart ...

Red Hat, the world's leading provider of open-source solutions, today announced expanded capabilities across its developer portfolio specifically built for the requirements of AI agents. Through the ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...

Google said it disrupted a planned mass exploitation campaign involving a Python zero-day exploit likely developed with AI.

As AI models continue to get more powerful, it’s not too surprising that some people are trying to use them for crime. The ...