Litecoin's foundation called the weekend exploit a zero-day. The litecoin-project GitHub repository shows the consensus ...

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

Bitwarden CLI 2026.4.0 was compromised via GitHub Actions in Checkmarx campaign, exposing secrets and distributing malicious ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

Users of GitHub's command-line interface (CLI) who value privacy, beware. The Microsoft-owned code-hosting platform has quietly begun collecting pseudonymous client-side telemetry from CLI users and ...

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Discover the key differences between Claude cloud-based Ultra Plan and the highly detailed local Superpowers tool.

Threat actors have been exploiting the BlueHammer Microsoft Defender vulnerability as a zero-day to gain System privileges.