Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.

New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

Open-source projects form much of the foundation of modern software, with many systems used in the industry relying on code written and maintained by volunteers or small teams. Those maintainers often ...

Boost Security today announced Boost Security Developer Endpoint Security, a new platform designed to secure the rapidly expanding attack surface created by AI-powered software development. The ...

The IT Planning Council has revised eight EVB-IT model contracts. Open source will become the standard for new software, ...

Bybit adds copy trading, enabling AI-driven leader-follower strategies. Expanded bots support grid, DCA, martingale, and ...

The consensus among early adopters is that Anthropic has successfully internalized the most desirable features of the open-source movement—multi-channel support and long-term memory ...