A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Etherpad is a self-hostable web editor written in Node.js for real-time collaborative writing – functionally comparable to Google Docs, but under an Apache 2.0 license and without cloud dependency.

Vercel, a cloud development platform, recently confirmed that someone gained unauthorised access to some of its internal systems. This has led to an a.

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Thank you to everyone who participated in the open Alpha of OpenSpell. Without your help I would not have been able to find anywhere near the amount of bugs we were able to. If you don't trust any of ...

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...