Attackers created at least 292 fake GitHub repositories that impersonated developer tools and redirected users to ...
The White House has launched GOLD EAGLE, an AI clearinghouse to coordinate vulnerability patching across infrastructure ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
The FBI warned that TeamPCP software supply chain attacks targeted developer tools to steal cloud credentials, SSH keys, and ...
IBM has expanded Bob with multi-agent AI tools, usage analytics, and isolated subagents for complex software development ...
Multi-agent AI systems require strict AWS Cedar policies to prevent unchecked privilege escalation during automated ...
IBM and Red Hat have launched Lightwell to automate vulnerability remediation across enterprise open-source software ...
According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.
Microsoft has found that developers upgrading to some new AI models face unpredictable token consumption and escalating costs. The company recently evaluated AI agent execution across two of Anthropic ...
Administrators of the open-source game engine Godot have blocked automated code submissions to protect repository governance and fix review backlogs.
North Korean threat actors are escalating the PolinRider supply chain attack across Go, Packagist, and npm package environments. The threat cluster – identified as Contagious Interview or Famous ...