Malicious Hugging Face Models Could Trigger Remote Code Execution
Organizations using vulnerable versions of the Hugging Face Transformers library could unknowingly execute attacker-controlled code simply by loading a malicious...
developer
Apple Begins Rosetta’s Final Phase as Intel Mac Era Winds Down
Apple’s Intel Mac era now has an expiration date. Ahead of WWDC 2026, the tech giant updated its developer documentation...
New GitHub Zero-Day Exposed Developer Tokens to Attackers
A single click on the wrong repository could have put a developer’s GitHub access at risk. Security researcher Ammar Askar...
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding...
Fake Claude Code Installers Deliver Credential-Stealing Malware
Developers searching for Claude Code installation instructions may be walking into a sophisticated malware campaign that masquerades as legitimate AI...
The Next AI Security Failure May Start With a Trusted Assistant
An AI assistant does not need to “go rogue” to create a security incident. It only needs to follow the...
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Ravie LakshmananMay 21, 2026Supply Chain Attack / Developer Tools GitHub on Wednesday officially confirmed that the breach of its internal...
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana has confirmed that an unauthorized party gained access to its GitHub environment after obtaining a compromised token, allowing the...
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Ravie LakshmananMay 19, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have flagged a compromised version of the Nx Console...
Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More
Software development is undergoing a seismic shift as vibe coding turns plain English into functional applications in seconds. The era...
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
OpenAI is telling Mac users to update its apps by June 12 after a developer-focused supply chain attack exposed code-signing...
Millions of Windows PCs Face a Secure Boot Update Deadline in 2026
Microsoft Secure Boot certificates from 2011 begin expiring in June 2026. Here’s how to check whether your Windows PC has...
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop....
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop....
Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions
A developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop....