Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
The next major release of Deno, a JavaScript/TypeScript runtime, will include new commands to build cross-platform desktop ...
Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
In a surprise twist, Anthropic has acquired Bun, the popular JavaScript runtime, igniting discussions within the developer community. This acquisition comes shortly after unsettling statements were ...
Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
The developers of the JavaScript runtime Bun have decided to largely rewrite the platform in Rust. In doing so, the project is moving away from Zig, the programming language that made Bun famous in ...
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The ...
This week, the Zig Software Foundation reinforced its ban on LLMs for issues and pull requests. Anthropic-owned runtime Bun, which joined Anthropic last December, is already paying the cost. The maker ...