Krebs on Security

CISA Admin Leaked AWS GovCloud Keys on Github

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public ...

Advancing Open Source Patent Protection: Preservation of OIN 2.0 Source Code

Open Invention Network (OIN), the only organization dedicated to mitigating patent risk in open source software (OSS), today announced the preservation of the source code that makes up OIN 2.0’s Linux ...

Trellix source code breach claimed by RansomHouse hackers

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which ...
The Information

Microsoft Executives Sound the Alarm Over GitHub’s Eroding AI Lead

No part of Microsoft better illustrates its predicament in AI than GitHub. The AI boom has boosted usage and revenue of the ...
SecurityWeek

Trellix Source Code Repository Breached

Trellix says a part of its source code repository was recently breached, but shared little other information about the ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Info is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, ...
CSO Online

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

CISOs should treat secrets sprawl as a governance challenge. This means enforcing clear ownership, adopting short-lived ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI ...
Security Boulevard

The TanStack Breach and the Fragility of Trusted Code

On May 11, 2026, several TanStack packages on npm were briefly replaced with malicious versions, raising fresh concerns about ...

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project ...

ArXiv will ban researchers for a year if they submit papers with AI slop

The arXiv (pronounced "archive") team recently announced a significant update to its official code of conduct. The popular open-access repository of research papers awaiting peer review ...