SecurityWeek

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

When researchers found an obfuscated token while examining the relationship between OpenAI Codex and GitHub, they took notice ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
Opinion

The open source blind spot in our supply chains

Supply chain attacks are increasing in volume, but open source vulnerabilities continue relatively unnoticed.
The Hacker News

The Real Problem Isn't That AI Can't Write Secure Code - It's That It's Expanding Attack Surface

AI-driven development accelerated credential sprawl in 2025, with 28.65M secrets detected, expanding attack surface and remediation strain.

OpenClawd Ships Verified Skill Screening After Security Researchers Find 12% of OpenClaw Marketplace Skills Are Malware

Independent security researchers recently completed an audit of the ClawHub skill marketplace ā€” the primary distribution ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Hackers are using fake coding jobs to spread malware through GitHub

The malware at the center of it, dubbed Omnistealer by investigators, uses public blockchains not just for payments, but as ...
Bitdefender

Lapsus$ claims AstraZeneca breach exposes code and credentials

Alleged AstraZenea data leak raises concerns over internal access, source code exposure and follow-on cyber risks.
The Hacker News

The State of Secrets Sprawl 2026: 9 Takeaways for CISOs

M secrets leaked in 2025, up 34% YoY, driven by AI growth and poor remediation, expanding enterprise attack surfaces.

Self-propagating malware poisons open source software and wipes Iran-based machines

A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before ...

Launch of NetRise Provenance Reveals Who and What Are Behind Open Source, And How Risk Propagates Through the Supply Chain

NetRise®, the software supply chain security company that exists to eliminate blind trust in software, today announced the ...