CheckMarx confirms March 2026 attack did result in data theft.

Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one ...

Anthropic, OpenAI and others have developed AI tools that can spot hidden gaps in software for fixing. India’s use of ...

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...

Attackers published a malicious command-line version of the popular open-source password manager to the npm registry and may ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...

Cloudsmith raises a $72M Series C led by TCV and Insight Partners to govern and secure the AI-generated software supply chain.