A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

These free and cheap apps will make your life a little easier

Looking for useful apps? Try a free iPhone dashcam app, a color identifier and a Mac cleanup utility.` ...

The engineer who helped build top South African technology companies, including Superbalist, MasterStart, and Yoco

Matthew Goslett’s storied career began with IRC, dial-up Internet, and a fascination with how messages travelled between ...

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches that should be deployed ASAP.
Arabian Post

Laravel-Lang breach exposes Composer supply chain risks

Hackers have compromised the Laravel-Lang open-source ecosystem, turning trusted PHP localisation packages into a vehicle for credential theft and remote code execution across developer machines and ...
Arabian Post

Drupal flaw draws urgent patch race

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...
Bleeping Computer

Trellix source code breach claimed by RansomHouse hackers

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. Yesterday, the ...
The Next Web

OpenAI is turning Codex from a coding tool into an enterprise work platform, and non-developers are adopting it 3x faster than engineers

OpenAI turns Codex into an enterprise platform with hosted web apps, 62 business app plugins, and 110 skills. Non-developers are 20% of 5M weekly users, growing 3x faster.

I built a Pinterest-inspired web app. It's cute, but it shows how coding with AI falls short.

A friend challenged me to build her an app she could use for online scrapbooking. I tried making it using Base44 — here's what went down.