Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a ...

Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages ...

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...

現地時間2026年5月19日にセキュリティアドバイザリを公開。特定環境下において、認証なしにリモートより悪用できるヒープバッファオーバーフローの脆弱性「CVE-2026-8711」について明らかにしたもの。

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

生成AIの進化によって、開発者の役割は自らコードを書くことから、AIツールが生成したコードをレビューする作業へとシフトしつつある。しかし、そのようなコードの安全性には大きな課題が残されている。

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.