In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...

OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack ...

Microsoft CEO Satya Nadella was asked point-blank by a Wall Street analyst on Wednesday how its revised OpenAI partnership would impact Microsoft’s financials. He said that the new agreement was a ...

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...

Experts say until the distros release patches, CSOs have to beware of unauthorized privilege escalation; Kubernetes container escape is also a risk. CSOs must ensure their Linux-based systems block ...