OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing ...

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
iHLS Israel Homeland Security

A Hidden Backdoor in GitHub Projects Is Targeting Developers

Open-source platforms have become essential tools for software developers, but they are also increasingly being used as ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...
Tech Times

Voicebox Clones Any Voice From 3 Seconds of Audio, Runs Locally for Free, and Has No ...

A free, self-hosted voice-cloning studio built by Jamie Pine, the Canadian developer behind the Spacedrive file manager, has ...
InfoQ

Google Introduces Middleware Architecture for Genkit Applications

Google has introduced Middleware for Genkit, its open-source framework for building AI-powered and agentic applications. The ...
blockonomi

Best AI Crypto Trading Bots & Platforms in 2026 (No Code, No Experience Needed)

You’ve watched the market move while you slept — and missed it. You’ve heard that hedge funds and algorithm traders are consistently on the right side of trades, not because they’re smarter, but ...
cybernews

Supply chain hit once again: single NPM account pushes 600+ compromised packages, used by ...

Another massive supply chain attack is spreading. Hundreds of compromised NPM packages are being detected, with hackers using stolen secrets to create over 2,200 public GitHub repositories, all ...
i-SCOOP

Composer 2.5 in Cursor is built for long running coding work

Composer 2.5 brings stronger long running coding performance to Cursor, with targeted RL, Kimi K2.5 foundations, new pricing, ...