The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
How-To Geek on MSN
I finally understand why vibe coding is pulling people into programming
Vibe coding lowers the barrier to programming by letting you describe what you want, test quickly, and learn by fixing what ...
Vibe coding is a natural language-driven, AI-assisted way to build software. Instead of writing every line of code by hand, you describe what you want via natural language prompts to an agentic AI ...
The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...
Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Despite the advent of AI coding tools that allow developers to pump out products faster, some Houston-area companies have ...
Morning Overview on MSN
OpenAI asks all macOS users to update immediately after the TanStack attack forced the ...
OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...
May 2026 TIOBE Index keeps Python #1 as Java edges past C++. R climbs to #8, and Paul Jansen says statistical tools are ...
Now half the scientific community looks like caffeinated DJs remixing protein structures at 2 a.m. while whispering things ...