Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...

UTSA: ~20% of AI-suggested packages don't exist. Slopsquatting could let attackers slip malicious libs into projects.

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...

Familiarity with basic networking concepts, configurations, and Python is helpful, but no prior AI or advanced programming ...

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

Microsoft warns that Python-based infostealers are increasingly targeting macOS, harvesting sensitive data and challenging assumptions about Apple's malware immunity..

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

Canopy has launched its public testnet after a high-performing private phase that saw nearly 27,000 chains created and strong developer retention. The platform aims to simplify Layer-1 deployment ...

AT&T's chief data officer shares how rearchitecting around small language models and multi-agent stacks cut AI costs by 90% at 8 billion tokens a day.