The code that makes up the software now powering U.S. utilities is rife with vulnerabilities, including hundreds that are "highly exploitable," a new research report released by Fortress Information ...

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories ...

According to its incident report, the attacker embedded malicious code in a Trivy artifact distributed through the project’s software supply chain. When the European Commission’s CI/CD pipelines ...

GitHub says hackers stole about 3,800 internal repos after a poisoned VS Code extension hit an employee device ...

On April 30, two releases of one of the most popular machine learning libraries on the Python Package Index were caught carrying credential-stealing malware. Versions 2.6.2 and 2.6.3 of the lightning ...

An unidentified threat actor breached one of application security vendor Xygeni's GitHub Actions this month via tag poisoning. Xygeni, which sells a number of AI-powered AppSec products, said in a ...

A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...

Microsoft-owned web-based code hosting and collaboration platform GitHub has confirmed that it has been compromised, following reports that the TeamPCP hacking group had successfully attacked it.

Polymarket confirms a private key compromise drained over $520K from an internal wallet. Smart contracts and user funds ...

The latest stable version of phpMyAdmin -- the popular, GUI-based MySQL database software -- was released late last month, but thanks to a compromised download mirror, users running the newest version ...