'Each vulnerability exposes a different class of enterprise data': LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph, two popular open source frameworks for building AI apps, contained high-severity and critical ...
The Hacker News

TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise

Malicious LiteLLM 1.82.7–1.82.8 via Trivy compromise deploys backdoor and steals credentials, enabling Kubernetes-wide ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
eWeek

OpenAI Launches Codex Security to Find, Patch Code Vulnerabilities

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
Dark Reading

The Tug-of-War Over Firewall Backlogs in the AI-Driven Development Era

The relationship between application developers and security teams has always been fraught with tension. At the core lies an ongoing battle — speed versus security — and that tug of war has been ...
Dark Reading

Claude Code Security Shows Promise, Not Perfection

Claude Code Security made a big splash when it was introduced last week, but it may be too early to call it as disruptive as the markets suggested. Anthropic unveiled Claude Code Security on Feb. 20, ...
Computer Weekly

Cyber association launches code of conduct for security pros

ISC2, the non-profit membership association for cyber security professionals, has launched a code of conduct to spread more ethical, principled practices across the global cyber security trade. The ...
Forbes

The Code Sovereignty Paradox: Why AI Productivity Is Creating A Security Debt Crisis

We are witnessing the industrialization of software development. What began as an experiment in auto-completion has evolved into a full-fledged AI-driven revolution. By early 2025, GitHub Copilot ...
Morningstar

Anthropic’s Claude Code Security Release Is Not Bad News for Cyber Stocks

On Feb. 20, Anthropic released a vulnerability-scanning tool aimed at security applications, leading to an average drawdown of over 5% across our cybersecurity stock coverage as investors worry that ...
CoinTelegraph

Cybersecurity stocks fall after Anthropic unveils Claude Code Security

Anthropic’s Claude Code Security sent shockwaves through cybersecurity markets, with CrowdStrike and Palo Alto Networks among the hardest hit. Shares in leading listed cybersecurity companies have ...