The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Research shows 94% of CVE fix commits are pushed publicly before the advisory - a median 11-day window in which attackers can now weaponize a bug in minutes using frontier AI agents. The program ...

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

Malicious open source packages reach 1.346 million as attackers abuse trusted software, release paths, and developer ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

OpenAI is one of many organizations affected by the recent Axios supply chain attack attributed to North Korean hackers.

All macOS users must update their OpenAI apps, including ChatGPT, to the latest versions following a security incident, ...

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official ...

Oops. A 60MB source map file just leaked Anthropic's entire roadmap.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...

OpenAI said a GitHub Actions workflow involved in signing Mac applications downloaded and executed a malicious version of ...