GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Most AI coding benchmarks still ask the question: did the agent produce code that passes the current tests? This is a useful ...

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...

GitHub hack exposed 3,800 internal repos through a poisoned VS Code extension, raising new concerns over developer supply ...

Andy MacMillan thinks business analysts, not IT and not the vendors, should own the layer where enterprise AI gets its ...

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.

The future belongs to the FDE, a multifaceted orchestrator who blends a slice of business analysis with a designer's empathy ...

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...

The dates for the 2026 Florida Python Challenge are set. Here's how last year's winner captured a whopping 60 pythons for the $10,000 grand prize.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...