Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

May 4, 2026: Surprise! Kaiju Unleashed - the new name for Project Universe - is back a little early. Given it's in testing, though, we don't have any new Kaiju Unleashes codes for the Final wars ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million times per week on npm, and pushed poisoned versions straight to the public ...

Ottawa will launch a new investment fund to support artificial intelligence startups and add hundreds of millions of dollars ...

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

A desktop app that lets users stream any movie, TV series, or anime for free and without ads hit the top of GitHub’s global ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

DeepSWE is changing how AI coding models are tested after exposing benchmark loopholes used by Claude Opus. Here’s why ...