Trusted developer tools are becoming the new path into enterprise software environments.
Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth ...
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
Defenders cannot respond effectively if their operational model still depends entirely on human-scale review cycles and fragmented visibility ...
It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...
The recent Shai Hulud 2.0 incident was initially described as an “npm worm” and a “GitHub repository attack.” That framing missed the point. When you look at what actually left victims' environments, ...