A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Open-source platforms have become essential tools for software developers, but they are also increasingly being used as ...

GitHub has confirmed that it is investigating unauthorized access to some of its internal repositories. The company shared ...

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

Anthropic has introduced a new feature called Routines for Claude Code, allowing developers to configure automated coding ...

OpenSquilla is an open-source Python AI agent with ML model routing, four-tier memory, and syscall-level sandbox isolation.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

An OpenAI API-compatible wrapper for Claude Code, allowing you to use Claude Code with any OpenAI client library. Now powered by the official Claude Agent SDK v0.1.18 with enhanced authentication and ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...