CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

Google can render JavaScript. That’s no longer up for debate. But that doesn’t mean it always does — or that it does so instantly or perfectly. Since Google’s 2024 comments suggesting it renders all ...

Anthropic accidentally leaked the full source code of Claude code, its flagship AI coding agent on March 31. The code was exposed through a 59.8 MB JavaScript source ...

The popular game engine GameMaker continues advancing, with a new GMRT runtime that will give developers source access and ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...