Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...

CI/CD workflows operate with the highest privileges in modern software delivery, yet they remain among the least protected components in the development stack. As engineering teams increasingly build ...

Open-source projects form much of the foundation of modern software, with many systems used in the industry relying on code ...

GlassWorm attack uses stolen GitHub tokens to inject malware into Python repositories, exposing developers to supply chain ...

Security leaders say monitoring agent behavior inside enterprise systems may be the next major challenge for CISOs.

Uber's CTO says AI is now writing a growing share of code inside the company. But, what are human software engineers doing ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

The Glassworm campaign has compromised over 151 GitHub repositories and npm packages using invisible Unicode payloads that ...

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using ...

CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...