More results...
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file.
JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0-20.0.0-alpha.2 must update to patch the flaw.
The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked…
Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.
Slopsquatting and vibe coding are fueling a new wave of AI-driven cyberattacks, exposing developers to hidden risks through fake, hallucinated packages.
Find out how to provide OpenAI with your input about its upcoming open language model, which Sam Altman stated will be a “reasoning” model like OpenAI o1.
Google’s agreement to buy cloud security startup Wiz will face antitrust scrutiny amid Alphabet’s ongoing legal battles.
New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky’s security predictions. Get extensive APT mitigation tips, too.
Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks.