Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

A growing body of academic research warns that AI-assisted “vibe coding,” where language models assemble software from ...

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...

After the supply chain attack on LiteLLM, attackers were able to access internal Cisco data, it is said. Source code from ...

Switching away from subscription services is hardly about rejecting convenience. Open source services are now good enough to ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

According to Google researchers, a North Korean group tracked as UNC1069 has previously targeted cryptocurrency and ...

The threat group's shift to speedy attacks on AWS, Azure, and SaaS instances shows organizations need to respond quickly to ...

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...