The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...
The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
Open-source platforms have become essential tools for software developers, but they are also increasingly being used as ...
The project was shared on Hacker News, where Val, who developed this project, explained that the map was built using ESA’s GAIA ...
The Microsoft-owned software developer platform, GitHub, has confirmed a third party has gained unauthorized access to 3800 ...
TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
GitLab 19.0 extends agentic AI across the full development lifecycle with SBOM dependency scanning, Claude Opus 4.7 support, and credit-based agent pricing.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, today announced the graduation of OpenTelemetry, a vendor-neutral, open source ...
GitHub has contained a breach involving unauthorized access to thousands of internal repositories, allegedly linked to a ...
Hadrian open-sources its methodology for turning commodity Large Language Models (LLMs) into reliable code review tooling ...
Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent ...