A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

GitHub is adding AI-powered security detections to its Code Security offering, aiming to catch more vulnerabilities across a ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

An unidentified threat actor breached one of application security vendor Xygeni's GitHub Actions this month via tag poisoning. Xygeni, which sells a number of AI-powered AppSec products, said in a ...

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...

Chainguard is racing to fix trust in AI-built software - here's how ...

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly ...

Anthropic launches AI agents to review developer pull requests. Internal tests tripled meaningful code review feedback. Automated reviews may catch critical bugs humans miss. Anthropic today announced ...