Hugging Face's LeRobot platform — a free, open-source framework for training AI models on physical robots — now hosts more than 58,000 community-contributed datasets, up from 1,145 at the end of 2024, ...
TeamPCP is an increasingly notorious group of cybercriminals that carries out software supply chain attacks, in which hundreds of open-source tools are corrupted and victims extorted for profit.
Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...
When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures. As AI coding assistants accelerate software ...
The malware spread through npm, PyPI, and Rust packages in coordinated waves. It steals crypto wallets, SSH keys, and cloud developer credentials. AI coding tools were also targeted through malicious ...
DCI lets AI agents search raw files with grep and bash instead of embeddings — boosting accuracy 11 points and cutting ...
Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...
The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...