GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Microsoft has had a VS Code extension for a long time, and it finally came back to bite them.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.

Developers are discovering that Model Context Protocol shines at providing AI coding agents with highly relevant software engineering context, on demand, at run time.

Supply chain chaos, old bugs, smarter phishing, and botnets everywhere — here’s what broke the internet this week.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Over a six-week stretch in spring 2026, OpenAI rebuilt what its Codex product actually is. On April 16, the company released a major Codex update titled “Codex for (almost) everything,” ...

AI stock trading bots are becoming more common in 2026, but a safer trading decision still starts with verification. A tool ...

Google’s Project Zero demonstrates a new zero-click exploit for the Pixel 10 phones, showing a full escalation from remote to kernel without user interaction. During the investigation Project Zero ...

Open-source platforms have become essential tools for software developers, but they are also increasingly being used as ...