Save your clicks with a few lines of Python code.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Semiconductor provider Nuvoton Technology has launched a graphical user interface (UI) tool designed specifically for machine ...

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.