Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

「Google Chrome」と「Microsoft Edge」で、Webアプリ（PWA）を簡単にインストールできるようにする新しいHTML要素がテストされているとのこと。米Googleの開発者向けブログ「Chrome for ...

Socket is scaling to defend open source against supply chain attacks as AI accelerates software development. SAN ...

Reported over three years ago and allegedly still not properly fixed, the vulnerability enables attacks to execute JavaScript ...

Socket raises $60M to expand AI-driven software supply chain security and protect developers from cyber threats worldwide.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

開発者が日常的に使うツールが、最も危険な侵入口になった。GitHubの内部リポジトリが5月18日、不正アクセスを受け、2日後にハッカーグループ「TeamPCP」が、盗んだソースコードをサイバー犯罪フォーラムに売りに出した。侵入口となったのはVS Code拡張機能だ。開発者ツールを悪用した連鎖攻撃で、既存のセキュリティツールでは検知できない“ゼロCVEの死角”を突く――。新しい攻撃の形が、開発者エコ ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...