In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Cline is one of the most widely adopted open-source AI coding assistants, and its Kanban feature provides a web-based project ...

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Hyunwoo Kim, also known as "V4bel," recently disclosed "Dirty Frag," a dangerous security vulnerability that provides local ...

The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which ...

A new wave of the Mini Shai-Hulud campaign compromised dozens of TanStack npm packages as part of a broader supply chain ...

What happened?: Attackers took over a maintainer account for Axios and published malicious versions to npm, potentially impacting millions of downloads. Why it matters: CSA Singapore warns supply ...

OpenAI said its new Daybreak initiative uses AI to help companies identify software vulnerabilities and speed up cyber ...

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...