As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

With 2.65 million hotels, $600,000 in recurring revenue, 40+ ecosystem partners, 65,000 users, and a live AI travel product ...

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Snowflake delivers agentic AI for both business users and builders on a single platform with Snowflake Intelligence and ...

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...