Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

American AI startup Poolside launches free, high-performing open model Laguna XS.2 for local agentic coding

By putting the weights of a highly capable, 33B-parameter agentic model in the hands of researchers and startups, Poolside is ...

Ongoing supply-chain attack 'explicitly targeting' security, dev tools

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...
The Hacker News

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx data surfaced after March 23, 2026 supply chain attack, prompting repository lockdown and investigation, raising ...
YourStory

This OpenAI demo shows how real-time AI agents actually work

OpenAI’s new demo shows developers how to build real-time voice agents with handoffs, tools and production-style ...
Decrypt

OpenClaw Insider Builds the Enterprise Safety Layer the Project Never Shipped

Red Hat principal engineer and OpenClaw maintainer Sally O'Malley released Tank OS—a tool that sandboxes AI agents in ...
HousingWire

Rethinking the CRM: How Sure Send is redefining daily execution for modern real estate and lending teams

Sure Send unifies communication and daily execution for lenders, helping teams simplify workflows, improve follow-up and ...
Decrypt

Tencent's New Hy3 AI Model Is the Most Efficient Chinese LLM No One's Talking About

Tencent just open-sourced Hy3 preview, a model that punches above its weight on coding agents, reasoning, and search—built in ...
Developer Tech

Check Point: AI coding assistants are leaking API keys

Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, ...
TMCnet

NobleTek and Redshred Partner to Transform How Aerospace, Defense, and Industrial Enterprises Unlock the Value of Their Documents

The partnership will make Redshred's platform available to enterprise clients across Aerospace, Defense, Space, Maintenance Repair & Overhaul (MRO), Heavy Equipment, and other technically complex ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...
CSO Online

Bitwarden CLI password manager trojanized in supply chain attack

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...