Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

Security researchers warn that a vulnerability in the widely used Gemini CLI could allow remote code execution in CI/CD ...

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...

DreamWall has entered the residential CI and AV integration market as a full digital solutions company built around premium ...

No doubt keen on string-based instruments, the founders behind San Francisco-based Gitar have created a developer ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.