Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

I've reviewed every PDF editor out there - then I had ChatGPT build me a better one ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

If reinstalling software feels repetitive, these tools have some ideas.

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – including WSL and Ubuntu.

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

The Meta-Harness Omnigent combines AI agents like Claude Code and Codex under a common policy and collaboration layer – under ...

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...