ars Technica: For the 2nd time in weeks, Microsoft packages laced with credential stealer
Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents.
Tech Crunch: Microsoft’s open source tools were hacked to steal passwords of AI developers
Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the first to flag the hack, the malware allowed the hackers to steal the users’ passwords and other sensitive credentials when they opened the compromised tools in their AI coding apps.
BBC: Deal moves software firm closer to $1bn 'unicorn' status
Cloudsmith, a Belfast software company, has received a £50m investment led by two US venture capital firms.
It is the largest deal of this kind ever done by a Northern Ireland-based technology company and the investment will be used to increase hiring and accelerate software development. The company currently has 130 staff, mainly based in Belfast.
Irish Tech News: Cloudsmith raises $72M Series C to defend the software supply chain against a new wave of AI-driven attacks
Cloudsmith, the universal artifact management platform trusted by some of the world’s leading enterprises, today announced a $72M Series C financing led by TCV and with participation from Insight Partners, along with investments from other existing investors.
Silicon Angle: Software artifact management startup Cloudsmith raises $72M
Cloudsmith Inc., a startup that helps software teams manage application components, has secured $72 million in new funding.
The Series C round was led by TCV, which was also the biggest backer of the company’s previous raise last year. Cloudsmith stated in its funding announcement today that the venture fund was joined by other existing investors and Insight Partners. The company’s total outside funding now exceeds $110 million.
AXIOS: Cloudsmith raises $72M to manage software components
Cloudsmith, a platform that protects software components, raised a $72 million Series C, CEO Glenn Weinstein tells Axios exclusively.
Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline
Cloudsmith arrived at KubeCon with an interesting piece of survey data. Only one in four engineering teams automatically generates and verifies software bills of materials – SBOMs – at every build. For the remaining three-quarters, SBOMs exist, but they are generated manually, reactively, or only when an auditor asks. This came from a survey of 505 developers, engineers, and DevOps leads, published as the company's 2026 Artifact Management Report which was released in full last week.
Developers are slacking on AI-generated code safety – here's why it could come back to haunt them
Organizations are taking a slapdash approach to AI-generated code, with many spending far too little time on oversight, new research suggests.
The vast majority (93%) of respondents to Cloudsmith's 2026 Artifact Management Report said their organization was using AI-generated code, more than twice as many as last year.
Cloudsmith addresses weaponization of the software supply chain with advanced security capabilities
Cloudsmith announced the expansion of its advanced security capabilities, positioning its unified data and enforcement plane as the critical defense against the evolving software supply chain threat landscape.
Cloudsmith provides a native control plane that moves security from reactive remediation to proactive protection. Instead of surfacing an undifferentiated stream of CVEs, Cloudsmith combines vulnerability, exploitability, and malware intelligence in a single enforcement layer.