Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

If MediaFire shows a download error when you try to download a file in your browser, it usually means the file page loads correctly, but the actual ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program ...

Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software ...