The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware ...

From cloud hand-offs to GitHub reviews, GPT-5-Codex is optimized for agentic coding and designed to supercharge developer workflows.

Discover GitHub Spec Kit, the open-source toolkit for spec-driven development, bringing clarity and collaboration to software ...

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.

This week, one story stands out above the rest: the Salesloft–Drift breach, where attackers stole OAuth tokens and accessed ...

This “connector,” specially designed for shadcn/ui v4, organizes information such as component documentation, source code, examples, and installation methods into a format that models can understand, ...

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...