The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...

Overview:  Functional testing tools help teams verify that software works as expected across web, mobile, and API ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.

See the key announcements from the event below and watch re:Invent 2025 keynotes. Amazon is expanding its Nova portfolio with four new models that deliver industry-leading price-performance across ...

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell ...

Four real SAP npm packages were hacked. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers. These packages had more than 500,000 downloads a week. Four ...

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package. The newly compromised packages ...

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. Four SAP NPM packages have been injected with malicious code as part of a new ...

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...