With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

If reinstalling software feels repetitive, these tools have some ideas.

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Microsoft confirms it temporarily removed GitHub repos after Miasma worm compromised 73 of its open-source projects to inject ...

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

Use Python to make your data visualizations stand out.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...

A recently disclosed security flaw could turn 7-Zip into a powerful tool for cybercriminals seeking to spread malware online and compromise large numbers of PCs. The ...

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.