Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...

On February 20, 2026, AI company Anthropic released a new code security tool called Claude Code Security. This release ...

Docker is a widely used developer tool that first simplifies the assembly of an application stack (docker build), then allows for the rapid distribution of the resulting executabl ...

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...

Abstract: This paper presents a controlled, pedagogical demonstration showing how high-level programming conveniences can be used to build compact, fileless malware for classroom instruction in ...

According to GitHub, the PR was marked as a first-time contribution and closed by a Matplotlib maintainer within hours, as ...

ClickFix campaigns have adapted to the latest defenses with a new technique to trick users into infecting their own machines with malware.

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery and RAT deployment.

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

Sign of the times: An AI agent autonomously wrote and published a personalized attack article against an open-source software maintainer after he rejected its code contribution. It might be the first ...

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets. According to the report, some open source packages published on the npm and PyPi ...