Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

UTSA: ~20% of AI-suggested packages don't exist. Slopsquatting could let attackers slip malicious libs into projects.

Canopy has launched its public testnet after a high-performing private phase that saw nearly 27,000 chains created and strong developer retention. The platform aims to simplify Layer-1 deployment ...

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

OpenAI wants to retire the leading AI coding benchmark—and the reasons reveal a deeper problem with how the whole industry measures itself.

The incident pulled Matplotlib contributors and a wider circle of Silicon Valley engineers into a fast-moving debate over ...

Darktrace researchers say hackers used AI and LLMs to create malware to exploit the React2Shell vulnerability to mine cryptocurrency. It's the latest example of bad actor's using AI to create ...

AT&T's chief data officer shares how rearchitecting around small language models and multi-agent stacks cut AI costs by 90% at 8 billion tokens a day.

Software delivery startup Harness Inc. announced today the general availability of Artifact Registry, a new product release that securely manages software packages within the integration and delivery ...

ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...