Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Chainguard is racing to fix trust in AI-built software - here's how ...

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...

JFrog has uncovered GhostClaw, a fake OpenClaw npm package that stole Keychain passwords, cloud credentials, and crypto wallets from 178 macOS developers.

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

New release integrates automated security scanning, AI-powered remediation, and GitHub-native workflows for enterprise ...

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point to more attacks to come.

The GlassWorm malware made news when it pivoted from exclusively targeting Windows users to also targeting Mac OS users in January, and in the time since, the malware campaign has spread across at ...

OpenAI is developing a new code-hosting platform to rival ‌Microsoft’s GitHub, The Information reported on Tuesday, citing a ⁠person with knowledge of the project. Engineers from OpenAI encountered a ...

Anthropic is bringing Voice Mode to Claude Code, the company’s AI coding assistant for developers. The launch of voice mode marks a significant step toward more hands-free, conversational coding ...