GLM 5.2 from Zhipu AI tops Semgrep's internal cybersecurity benchmark suite, outranking Claude. What the numbers mean — and don't mean — for security teams.
An anonymous actor used AI-assisted fuzzing to find 20 open source zero-days and published them without disclosure. Here's what that means for your stack.
How a fabricated VC persona and a malicious TypeScript patch nearly backdoored a Rust maintainer — undetected by all 70 VirusTotal AV engines.
A coordinated campaign clones real repositories, force-pushes malicious ZIPs every few hours, and scores 0 detections on VirusTotal URL scans. Here's how it works and what to do.
A researcher uncovered 10,000 GitHub repositories distributing Trojan malware. Here's what the scale reveals about the attack — and who's actually most at risk.
A Google employee built a working travel-to-calendar app in 2 hours with no code. Here's what that really means for developers and security teams.
A single personal ID was all it took to inject content across FIFA's entire World Cup infrastructure — a case study in IDOR and access control failure.
The atomic-lockfile AUR supply-chain attack exposed a critical flaw in running Arch Linux in CI. Here's what the community scanner can — and cannot — tell you.
GrapheneOS has been ported to Android 17 with official releases coming soon — here's what it means for app developers, security engineers, and hardened fleet operators.
Microsoft's new Lib0xc library offers safer alternatives to standard C functions, addressing long-standing memory safety concerns in systems programming.