Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

A new GitHub plugin, Endless Toil, makes your coding agent emit escalating human moans as it suffers through your spaghetti ...

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

The company is deploying agents to audit model use, monitor device health, and accelerate engineering, even as it warns that ...

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

We tested Clym's free, open-source accessibility testing suite. An honest review of what it covers, how it works, and whether ...

Stop switching screens!

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.