In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a ...

A new command line tool designed to make any open-source repository “agent-ready” is exposing a fresh security blind spot in ...

Sonatype ®, the leader in AI-driven DevSecOps and steward of Maven Central, today announced its participation as a founding member of the newly-formed Sustaining Package Registries Working Group.

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...

A leading US cybersecurity vendor has been breached by threat actors who managed to access its source code, it has been ...

Trellix disclosed over the weekend that hackers found their way to its source code repository. The company said that ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...