The vm2 sandbox component of the open-source JavaScript runtime environment Node.js is vulnerable with certain settings.

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

The Zig Software Foundation has reinforced its blanket ban on LLM-authored issues and pull requests, and Bun’s 4x Bun-compile ...

Salesforce is opening its platform to React developers. The Multi-Framework beta lets developers build native Salesforce apps with React while using Salesforce authentication, security, governance, ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Cross-platform game engine GameMaker has unveiled a major update centred on the launch of its new GameMaker Runtime (GMRT).

The popular game engine GameMaker continues advancing, with a new GMRT runtime that will give developers source access and ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

ThreatDown’s EDR team discovered a sophisticated, multi-stage attack chain during an active investigation; the first documented case of attackers abusing the Deno runtime as a malware execution ...