News

CSO Online3d
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
GitHub’s new AI coding agent can fix bugs for you
GitHub is launching an AI coding agent that can do things like fix bugs, add features, and improve documentation — all on a ...
Socket buys Coana to tell you which security alerts you can ignore
In its latest gambit to reduce the noise of unnecessary security alerts, Socket has acquired Coana, a startup founded in 2022 ...
Computing3mon
Lazarus Group hiding malware in GitHub and open-source packages
The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...
SecurityWeek15d
Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent scraping NPM package to deploy and activate a backdoor.
Krebs on Security1mon
DOGE Worker’s Code Supports NLRB Whistleblower
Berulis, a 38-year-old security architect at the NLRB ... a lengthy and detailed critique of Elez’s code on the GitHub “issues” page for async-ip-rotator, calling it “insecure, unscalable ...