Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance. A security researcher has disclosed details of a severe Visual Studio Code ...

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

OpenAI has launched a significant enterprise-focused update for Codex, introducing six job-specific plugins for fields like data analytics, sales, and finance. The rollout includes a “Sites” feature ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...