WordPress 7.0 “Armstrong,” released May 20, 2026, arrived without the real-time collaborative editing feature that had been ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

Despite the advent of AI coding tools that allow developers to pump out products faster, some Houston-area companies have ...

Claude without MCP is only half the story.

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...