Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...

Creating a GitHub organization is easy. Creating a public one that is actually well-structured, secure, and maintainable over time… not so much. At the beginning, it feels like a simple task: create ...

Starting on April 24th, all GitHub Copilot interaction data including inputs, outputs, code snippets, and associated context from Copilot Free, Pro, and Pro+ users will be used to train GitHub's AI ...

If you have a code repository or other work stored in GitHub, you need to be aware of a major change at the service.

Hackers breach Checkmarx developer tools to steal sensitive data, exposing risks in widely used software systems.

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...

A hands-on test found that OpenClaw can work with VS Code for file-based drafting and source-driven synthesis, but the current experience is still centered on a local gateway and workspace model rathe ...

On March 19, 2026, a threat actor known as TeamPCP compromised Aqua Security’s Trivy vulnerability scanner – the most widely adopted open-source scanner in the cloud-native ecosystem. The attacker ...

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor ...

Security teams are trapped between proprietary AI SOC vendors that obscure model intelligence and open-source tools that haven’t kept up with agentic architectures. A new open-source project, Vigil, ...

A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference. As hundreds of vendors ...