A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

Pakistan, May 21 -- When Microsoft AI chief Mustafa Suleyman warned that many white-collar tasks could be automated within ...

GitLab 19.0 extends agentic AI across the full development lifecycle with SBOM dependency scanning, Claude Opus 4.7 support, and credit-based agent pricing.

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google followed its Cloud Next '26 Gemini Enterprise Agent Platform rollout and its Antigravity CLI transition with a broader I/O 2026 agent-development stack spanning Agent Studio, Managed Agents API ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...