This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

This editor just gets out of the way.

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding tool configurations.

The new version of the programming language with a Go backend is said to be ten times faster than its predecessor, which used the JavaScript codebase.

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...

Anthropic accidentally leaked part of the internal source code for its coding assistant Claude Code, according to a spokesperson. The leak could help give software developers, and Anthropic's ...

The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been leaked and disseminated, apparently due ...

A new variation of the ClickFix technique is capitalizing on the popularity of Anthropic's Claude Code and other AI coding tools. Researchers at Push Security discovered the threat campaign, which ...

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate ...