A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

The best code editor might actually be your best everything editor.

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Learn how the Understand-Anything Claude Code plugin transforms complex repositories into interactive knowledge graphs to ...