OpenAI confirmed on Wednesday that it found no evidence suggesting user data was compromised following a security incident ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.

OpenAI reported no user data compromise after a supply-chain attack targeting the TanStack npm library, part of the broader ...

The JavaScript and TypeScript server and bundler Bun will consist of Rust code in the future. Within weeks, Claude Code ...

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

In March 2026, someone hijacked a maintainer account for Axios, a JavaScript HTTP library downloaded more than 45 million ...

A critical vulnerability in the Cline Kanban server has been disclosed that allows any website a developer visits to silently ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's Claude.

A poisoned open-source dependency let attackers breach two OpenAI employee devices and steal credentials from a limited set of its internal source code repositories, OpenAI confirmed in a May 14, 2026 ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding tool configurations.

Hundreds of software packages are affected, once again threatening enterprise credentials on coders’ machines.

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...