Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

The White House app requests extensive permissions on Android. A technical analysis also raises data protection and security ...

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...

HELOTES, TX / ACCESS Newswire / March 30, 2026 / TurboPass today announced a comprehensive upgrade to its product suite, effective March 30, 2026. The platform upgrade introduces new verification ...

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...

Anthropic's Claude Code has surpassed 20 million GitHub commits, but 90% of output has landed in repos with fewer than two ...

Anthropic has launched auto mode for Claude Code and computer use for Cowork, expanding AI agent autonomy as revenue ...

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial ...

Everything you may have missed from the past week.

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.