GitLab Secrets Manager, now in public beta, scopes credentials to individual jobs and governs access through the same ...
A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Protect your experienced engineers. They're the multiplier on every AI tool you adopt. Their judgment turns AI's speed into compounding value.
Most discussions of "AI auditability" in enterprise software start with the wrong assumption: that audit is a downstream ...
Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...
Two fired FirstEnergy Corp. executives whose initial prosecutions in the state’s long-running $60 million bribery scandal ...
GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about how attackers can use trusted open-source software to reach developer ...
Morning Overview on MSN
TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide
Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build pipelines at the European Commission and began quietly stealing AWS credentials.
SpartanX, the world’s only full-stack AI-powered autonomous red teaming platform, today announced the release of NodeX, its new Internal Attack Capability that extends SpartanX’s External Attack ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...