A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...

Over the past years, the author of the cURL project, [Daniel Stenberg], has repeatedly complained about the increasingly poor ...

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...

Claude Code isn't the only AI-assisted programming method having a moment. AI biz Cursor created a rudimentary browser using OpenAI's GPT-5.2. And developer Ola Prøis used Cursor, powered by Claude, ...

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.