The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
That’s kind of how I imagine an AI tool would write the beginning of this column (I didn’t actually use one!). In some ways, ...
Community intelligence gathering around Cameroon’s Lobéké National Park reveals the presence of the Grey Parrot derivative ...
To alleviate emotional uncertainty, hasten access to treatment and improve outcomes for patients, Cone Health has increased ...
A powerful congressional committee is urging major telecommunications companies to do more to protect Americans against scams, part of a widening investigation into the role that U.S. companies play ...
CBSE has responded to claims of security flaws in its On Screen Marking (OSM) system, denying any breach and assuring student ...
Massive scale attack: The "Megalodon" campaign compromised over 5,000 GitHub repositories in 6 hours by weaponizing automated GitHub Actions workflows that execute when developers push code or merge ...
CPD accredited public sector news, comment & analysis for Civil Servants responsible for building, shaping and delivering transformational public services. The UK's No1 Public Sector Magazine.
Rapid7 has released its Q1 2026 Threat Landscape Report, warning that AI-driven cyber-attacks are dramatically accelerating vulnerability exploitation and shrinking the window organisations have to ...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
His war on Iran may not last forever, but he is now finding it very hard to extricate the United States from a conflict that he has good reason to regret. Over the weekend, Trump insisted that a deal ...