The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

EmDash is a new content management system based on TypeScript and Astro. Plug-ins are intended to run securely within a ...

After a researcher flagged the issue on March 31, the code spread rapidly across public repositories, raising new questions ...

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

A file containing part of the source code appears to have been leaked with the recent Claude Code 2.1.88 update.

Anthropic accidentally exposed over half a million lines of its Claude Code, triggering a rapid global effort to copy and ...

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

Agents run amok: Identity lessons from Moltbook’s AI experimentThe late January launch of Moltbook, a social network for AI agents, will go down as the most intriguing mass agentic AI experiment we’ve ...