Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google ...

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...

Composer 2.5 is Cursor's third-generation proprietary coding agent, available exclusively inside the Cursor IDE and through the @cursor/sdk — not as a general API. Like its predecessor, it is built on ...

GitHub has confirmed that hackers breached internal repositories through a poisoned VS Code extension after stolen source ...

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...

Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what happened and what it means.

Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations ...