Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB of data.

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and enabling remote control.

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the ...

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it competes with Anthropic's Claude Code.

Why are we asking for donations? Why are we asking for donations? This site is free thanks to our community of supporters. Voluntary donations from readers like you keep our news accessible for ...

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project ...