Opinion
Chainguard's new Athena coalition uses AI to fix open-source flaws - before attackers exploit them
Chainguard will use AI to protect open-source code. Athena pools open-source users, developers, and maintainers. Others are also using AI to secure open-source code. As Chainguard puts it, "The gap ...
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
IBM and Red Hat launch Lightwell to defend open-source code from AI attacks ...
Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
A newly-disclosed exploit in Claude Code’s ‘auto-mode’ leaves developers facing remote code execution (RCE) vulnerabilities ...
A working exploit for a Linux kernel flaw that has existed since 2011 is now publicly available, and any logged-in user can run it to gain full root control of an affected machine in roughly five ...
A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have ...
A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages ...
TL;DR Why EN 303 645 matters ETSI EN 303 645 has given consumer IoT security a much-needed baseline. It gives manufacturers, assessors, and product teams a shared view of reasonable IoT security and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results