Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
InfoQ

Next.js 16.2: 400% Faster Dev Startup, Faster Rendering, and Deeper Tooling for AI Agents

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...
Tech Times

Claude Code Dynamic Workflows: Scripts Replace Context Windows, Ultracode Automates Orchestration

Claude Code Dynamic Workflows, launched May 28, 2026, replaces context-window orchestration with a JavaScript script Claude writes on the fly for each task. Runs cap at 1,000 parallel subagents with ...
Lifehacker

Update Chrome ASAP to Protect Yourself From This Active Exploit

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
Cryptopolitan on MSN

IronWorm malware plants rootkit in Arweave ecosystem npm libraries

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Report urged minister to clarify spy watchdog’s review role over lawful-access orders in bill

Watchdog charged with keeping spy agencies in check wants proactive access to classified lawful access details ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

Filipino immigrants face employment barriers that lead to widespread overqualification

Most newcomers with postsecondary degrees from the Philippines are in this position, according to recently released data ...
Developer Tech

Anthropic says AI can turn software patches into exploits within hours

Anthropic’s AI turned Firefox and Windows software patches into exploits within hours, including one Windows proof-of-concept ...