DPRK IT workers exploit GitHub to pose as Asian developers, securing remote jobs to fund missile and nuclear programs.
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.
Valve has added a new security layer for developers who publish their games on Steam after a few had their accounts hacked.
