An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Backed by Sonatype's industry-leading security research team, Sonatype Repository Firewall helped customers prevent 136,107 open source malware attacks in Q1. To explore the full findings from the Q1 ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

Fraud operations have expanded beyond traditional hacking techniques to include methods that exploit legitimate services and real-world infrastructure. By combining publicly available data, weak ...

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical ...

There are sound reasons for optimism that European governments can reduce their military reliance: defense spending is rising, particularly in countries in northern and eastern Europe, and Europe is ...

A newly disclosed security flaw in Axios, one of the most widely used HTTP client libraries in the JavaScript ecosystem, has raised concern across software and cloud security teams after official ...