Unidentified threat actors have successfully compromised the GitHub repository for “all-in-one” security scanner Trivy, pushing a malicious update to downstream users that can deploy an infostealer.

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it competes with Anthropic's Claude Code.

Chainguard is racing to fix trust in AI-built software - here's how ...

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the open-source movement—multi-channel support and long-term memory ...

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python development tools.  The terms of the deal were not disclosed. Astral’s development ...

A malicious Python package masquerading as a legitimate Telegram development tool has been identified as a vehicle for remote code execution attacks, raising concerns about supply chain security ...

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

One of the most popular ways to view the Epstein Files, an interface called Jmail that mimics a Gmail inbox, is hosted on Guillermo Rauch’s $9 billion unicorn Vercel.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...

AI coding tools and autonomous agents are generating more code, pulling in more dependencies, and interacting with open source at a scale humans have never seen before," said Dan Lorenc, CEO and ...