Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

VS Code 1.123 adds a two-hour delay before extensions auto-update to newer versions when automatic updates are enabled.

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...