Two developer workstations inside OpenAI installed compromised versions of the popular open-source TanStack library after an ...

CyberStrikeAI lowers the barrier to complex cyberattacks by combining AI orchestration, MCP integration, and more than 100 offensive tools into a single, public GitHub repository. AI is making it ever ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not laced with malicious code. In 2025, those odds got significantly worse.

OpenAI reported no user data compromise after a supply-chain attack targeting the TanStack npm library, part of the broader ...

Trellix disclosed over the weekend that hackers found their way to its source code repository. The company said that ...

Nvidia's reported platform will allow companies to dispatch AI agents to perform tasks for their own employees. The platform is expected to include security and privacy tools. The report comes as ...

Initiative supports responsible disclosure by the global security research community to protect critical open source ...

YARMOUTH, Maine — Developers are picking up the pieces after the catastrophic release of the Shai-Hulud 2.0 malware worm in the Node Package Manager (NPM) registry. The worm infected thousands of ...

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on ...

Some teams moved into cloud-native development so quickly that security decisions had to catch up later. Containers helped them ship updates faster, but the tools inside those containers came from ...