Sonatype®, the control plane for agentic software development, today expanded Sonatype Firewall protections to help organizations block malicious open source packages before they enter any repository ...
RevEng.AI, a cybersecurity company building the binary-native verification layer for the software supply chain, today announced it has raised a $15 million Series A round led by NATO Innovation Fund ...
GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
OpenAI’s GPT-5.5 has emerged as the top-performing AI coding model on DeepSWE, a new long-horizon software engineering ...
CISA GitHub credential leak exposed AWS GovCloud admin keys, plaintext passwords, and an RSA private key for six months via a ...
Researchers say the campaign abused compromised access tokens and deploy keys to inject malicious GitHub Actions workflows ...
Financial Times tests and new research show safety guardrails on open-source AI models can be removed in minutes, raising doubts over developer-focused regulation and governance limits.
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not ...
The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.
DeepSWE puts GPT-5.5 atop the AI coding leaderboard while raising new questions about Claude Opus, SWE-Bench Pro, and ...