A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension

GitHub confirms breach of 3,800 internal repos after employee installs poisoned VS Code extension - SiliconANGLE ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

GitHub investigates internal repositories breach claimed by TeamPCP

GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...

OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused on sustainably ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
Visual Studio Magazine

The Rise of OpenTelemetry in Microsoft Dev Tooling

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Tech Times

Claude Code Study: Four Competing Teams Built Same Agent Harness, Pointing to Real AI Moat

A research team at Mohamed bin Zayed University of Artificial Intelligence published a finding in April 2026 that has gained traction in engineering circles for reasons that go beyond its headline ...