North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.

Chainguard is racing to fix trust in AI-built software - here's how ...

Something else to worry about.

If you're a cybersecurity enthusiast or ethical hacker who wants to learn more about building hacking tools, this book is for ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain.

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

OpenAI has launched the Codex app for Windows, a desktop tool that lets developers run multiple AI coding agents, automate ...