After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Google has launched Gemma 4, which goes beyond chatbots and creates AI agents that can plan tasks, take actions on their own, generate code even without internet access, and process audio and video.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...

On the morning of March 24, 2026, tens of thousands of software developers working on AI applications were unknowingly exposed to malware.

LangChain and LangGraph have patched three high-severity and critical bugs.

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions Your email has been sent A newly discovered vulnerability in Microsoft Authenticator could expose sensitive login codes ...

In addition to rolling out patches to address two zero-days affecting SQL Server and .NET, Microsoft introduced Common Log File System hardening with signature verification.

Here’s why Figma, Microsoft, IBM, and Capital One are among Fast Company’s Most Innovative Companies in enterprise for 2026.