Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.
TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm packages.
Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.
TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.
TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute privileged commands, steal data, and perform agentic actions.
A California jury has tossed out Elon Musk's high-profile lawsuit against OpenAI and its boss Sam Altman. In a unanimous ...
Google AI Studio lets users test Gemini models, build apps, generate media, and export code. Here’s what it does, costs, and ...
The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Company expects Ontario Securities Commission to issue a failure to file cease trade order that would prohibit trading in its securities in Canada ...
A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.