Anthropic has published an unusually concrete account of how its own engineers use Skills in Claude Code, the company’s command-line coding agent, in a June 3 post on the Claude blog written by ...
Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build pipelines at the European Commission and began quietly stealing AWS credentials.
GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...
Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...
A fake Claude Code installer can successfully exfiltrate decrypted cookies, passwords and payment methods from Chromium browsers. Here's how.
OpenAI confirms a severe 2026 supply chain attack compromised internal repositories. Discover how this TanStack security issue impacts Web3 developers.
AI-powered tools can help teams accelerate processes throughout the software development life cycle. Here’s how to make them ...
A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...
Most discussions of "AI auditability" in enterprise software start with the wrong assumption: that audit is a downstream ...
Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...