Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.
GhostClaw, a macOS infostealer, is spreading through GitHub repositories and developer tools, and it works because routine install habits make running malware feel completely normal.
Hackers target OpenClaw developers with fake GitHub repos and phishing sites, tricking users into connecting wallets and losing funds.
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, ...
CI/CD workflows operate with the highest privileges in modern software delivery, yet they remain among the least protected components in the development stack. As engineering teams increasingly build ...
Microsoft added a controversial Copilot change to Windows keyboards. A developer just built a tool to fight back.
The GlassWorm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...
GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.
Abstract: Software repositories contain a wealth of data about the software development process, such as source code, documentation, issue tracking, and commit histories. However, accessing and ...