ActiveState, a global leader in trusted, managed open source software, today announced expanded support for AI-assisted ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Build Application Firewalls (BAFs) are emerging as a new defense against software supply chain attacks by inspecting ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to data networks, DNS has become a core part of how phones work. Google explains ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

What reproducible builds achieve. Reproducible packages generate bit-identical binary packages from identical source code and ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential ...

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install backdoors.

The opinionated guide to running Claude Code well. CLAUDE.md, skills, subagents, hooks, and the workflows that produce ...