Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.
Developer Tech

Isolating dynamic AI agent code execution with Cloudflare’s API

Securing dynamic AI agent code execution requires true workload isolation—a challenge Cloudflare’s new API was built to solve ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

TeamPCP is the likely cyber threat actor behind attacks on Trivy, Checkmarx, and the LiteLLM AI library — and all signs point ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.