Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...

May 4, 2026: Surprise! Kaiju Unleashed - the new name for Project Universe - is back a little early. Given it's in testing, though, we don't have any new Kaiju Unleashes codes for the Final wars ...

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

A malicious npm dependency slipped into an AI-assisted crypto trading project has exposed how automated coding tools can be manipulated into importing software that steals credentials, wallet data and ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

SAP embedded n8n inside Joule Studio to connect its 200 AI agents to non-SAP systems. The Berlin-based workflow automation startup is now Germany's most valuable AI company.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

The startup behind popular Github project vLLM is out fundraising, as venture capitalists hunt for companies building tech that can make AI systems run more efficiently. Investors are about to wager ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...