The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

GitLab exposes abuse of its platform to trick software developers into downloading malicious payloads and finance companies ...

Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants ...

ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...

A sophisticated malware operation targeting software developers has expanded its reach by exploiting trusted extension ecosystems, with security researchers uncovering dozens of malicious packages ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.

Computer engineers and programmers have long relied on reverse engineering as a way to copy the functionality of a computer ...

Anthropic launches Code Review for Claude Code, a multi-agent AI system that audits pull requests for bugs at $15–$25 per review, as the company sues the Trump administration over a Pentagon “supply ...

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.