Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode ...

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...

The GlassWorm malware has reared its ugly head again in the Open VSX registry, roughly two weeks after being removed.

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...

Research by Wiz shows that industry titans, with combined valuations exceeding $400 billion, have left the equivalent of ...

AI companies have had a pretty rocky history with cybersecurity and data privacy, and new research from Wiz shows this still ...

The timing of the Octoverse 2025 report release during the conference proved strategic, as it provided attendees with ...

Legit Security, the leader in securing AI-powered development, today announced VibeGuard, the industry's first solution designed to secure AI-generated code at the moment of creation and to secure ...

Aardvark represents OpenAI’s entry into automated security research through agentic AI. By combining GPT-5’s language ...

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code ...

Developers treat GitHub Gists as a "paste everything" service, accidentally exposing secrets like API keys and tokens. BYOS lets you scan and monitor these blind spots.