Frontier AI is rewriting the economics of software supply chain security

When AI-assisted vulnerability discovery makes it dramatically easier to identify weaknesses hidden inside modern dependency ...
InfoWorld

When software developers and AI agents share the learning

When an agent does something, the whole company should learn from it, so that every developer gets access to the shared ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...

Exclusive: Chainguard extends Repository scanning and policies to Java, Python and containers

Secure software supply chain solution provider Chainguard Inc. today expanded its Chainguard Repository product with malware ...
CNET

Dataland, the First AI Museum, Converts Info Into a Multisensory Kaleidoscope

Its first exhibit translates rainforest data into a sumptuous audiovisual experience, but without a strong thesis about data ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.
InfoWorld

AI coding agents may be getting bad instructions from ‘smelly’ config files

The first proposed catalog of 'configuration smells' reveals widespread issues like context bloat, skill leakage, and ...
Dark Reading

'Djinn' Stealer Targets Cloud, AI Credentials

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.
DATAQUEST

The new software stack: How AI is changing SaaS, apps, and enterprise workflows

Features: AI is redrawing the enterprise software stack, turning applications into agents, data into context, and workflows ...
InfoQ

Million PDFs: Building a Modern Document Infrastructure with Rust and Typst

Erik Steiger discusses the operational pain of legacy PDF generation in regulated banking and manufacturing. He explains how ...

Why automated open source scans don't guarantee license compliance

Hannah Dacayanan of UnitedLex discusses ways in which automated software composition analysis tools identify open source ...