A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

CanisterWorm infects 28 npm packages via ICP-based C2, enabling self-propagation and persistent backdoor access across developer systems.

Ocean Network links idle GPUs with AI workloads through a decentralized compute market and editor-based orchestration tools.

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden ...

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

New Opentrons AI capability lets scientists simulate and visually inspect automated laboratory experiments before robots execute them.

Something else to worry about.

OpenAI to acquire Astral, bringing Python tools like uv, Ruff, and ty into Codex as it moves from code generation to executing full developer workflows.

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...

Nvidia unveiled its open-source Agent Toolkit at GTC 2026, adding OpenShell, AI-Q, and major partners including Adobe, SAP, ...

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.

The new capability lets scientists simulate and visually inspect automated experiments before robots run them.