The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

Community intelligence gathering around Cameroon’s Lobéké National Park reveals the presence of the Grey Parrot derivative ...

That’s kind of how I imagine an AI tool would write the beginning of this column (I didn’t actually use one!). In some ways, ...

To alleviate emotional uncertainty, hasten access to treatment and improve outcomes for patients, Cone Health has increased ...

A powerful congressional committee is urging major telecommunications companies to do more to protect Americans against scams, part of a widening investigation into the role that U.S. companies play ...

CBSE has responded to claims of security flaws in its On Screen Marking (OSM) system, denying any breach and assuring student ...

Massive scale attack The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...

CPD accredited public sector news, comment & analysis for Civil Servants responsible for building, shaping and delivering transformational public services. The UK's No1 Public Sector Magazine.

Rapid7 has released its Q1 2026 Threat Landscape Report, warning that AI-driven cyber-attacks are dramatically accelerating vulnerability exploitation and shrinking the window organisations have to ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background ...