Security

Latest from today

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems.

By Shweta Sharma

Mar 16, 20263 mins

CybercrimeDevelopment ToolsMalware

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

By Shweta Sharma

Feb 25, 20263 mins

CareersDeveloperMalware

New npm worm hits CI pipelines and AI coding tools

By Shweta Sharma

Feb 24, 20263 mins

Development ToolsMalwareSecurity

Articles

AI agents and bad productivity metrics

Generating code without a rigorous validation framework is not engineering. It is simply mass-producing technical debt.

By Matt Asay

Feb 23, 2026 7 mins

Code SecurityDevopsSoftware Deployment

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

By Taryn Plumb

Feb 20, 2026 5 mins

Artificial IntelligenceOpen SourceVulnerabilities

The data center gold rush is warping reality

Is the data center building boom driven by competitive signaling or real demand? If adoption falls short, today’s boom will bring tomorrow’s bust.

By David Linthicum

Feb 20, 2026 7 mins

Artificial IntelligenceCritical InfrastructureTechnology Industry

What happens when you add AI to SAST

Bringing AI agents and multi-modal analysis to SAST dramatically reduces the false positives that plague traditional SAST and rules-based SAST tools.

By Jenn Gile

Feb 19, 2026 9 mins

App TestingApplication SecurityDevSecOps

What drives your cloud security strategy?

As cloud breaches increase, organizations should prioritize skills and training over the latest tech to address the actual root problems.

By David Linthicum

Jan 6, 2026 5 mins

CareersCloud SecurityIT Skills and Training

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

By Gyana Swain

Feb 18, 2026 4 mins

Code EditorsDevelopment ToolsSecurity

Finding the key to the AI agent control plane

Permissions for agentic systems are a mess of vendor-specific toggles. We need something like a ‘Creative Commons’ for agent behavior.

By Matt Asay

Feb 16, 2026 8 mins

Generative AIIdentity and Access ManagementOpen Source

Google adds automated code reviews to Conductor AI

The Conductor extension now can generate post-implementation code quality and compliance reports based on developer specifications.

By Paul Krill

Feb 13, 2026 2 mins

Artificial IntelligenceCode SecurityGenerative AI

Single prompt breaks AI safety in 15 major language models

The GRP‑Obliteration technique reveals that even mild prompts can reshape internal safety mechanisms, raising oversight concerns as enterprises increasingly fine‑tune open‑weight models with privileged training access.

By Gyana Swain

Feb 10, 2026 6 mins

Artificial IntelligenceGenerative AISecurity

Claude AI finds 500 high-severity software vulnerabilities

Anthropic is reporting the flaws to developers — but only after having humans verify them.

By Maxwell Cooter

Feb 6, 2026 2 mins

Generative AIVulnerabilitiesZero-Day Vulnerabilities

How to reduce the risks of AI-generated code

Vibe coding is fast, useful, and here to stay. The freedom it brings must be matched with awareness that security is necessary and cannot be assumed.

By Crystal Morin

Feb 5, 2026 7 mins

Application SecurityDevSecOpsGenerative AI

Deno Sandbox launched for running AI-generated code

Deno Sandbox works in tandem with Deno Deploy—now in GA—to secure workloads where code must be generated, evaluated, or safely executed on behalf of an untrusted user.

By Paul Krill

Feb 5, 2026 2 mins

Code SecurityJavaScriptTypeScript