SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
heise online

Anthropic relieves developers: Code review with AI agent team

Anthropic has introduced a new multi-agent system for automated code reviews, designed to relieve developers, especially when checking AI-generated pull requests (PRs). It is available as a research ...
heise online

Automation tool n8n: Updates patch code injection flaws

In the automation tool n8n, eleven security vulnerabilities have been discovered. Three of these are considered critical risks. Admins should update quickly. IT researchers have discovered eleven ...