The Conductor extension now can generate post-implementation code quality and compliance reports based on developer specifications.

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.

Deno Sandbox works in tandem with Deno Deploy—now in GA—to secure workloads where code must be generated, evaluated, or ...

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.

In 2025, “vibe coding” dominated the AI landscape, a viral trend characterized by humans prompting AI to write code. It was popularized by OpenAI cofounder Andrej Karpathy who took to ...

Google and Microsoft's new WebMCP standard lets websites expose callable tools to AI agents through the browser — replacing costly scraping with structured function calls.

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...

JFrog security researchers have exposed two critical vulnerabilities (CVE-2026-1470, rated 9.9; and CVE-2026-0863, rated 8.5) in the n8n workflow automation platform.

Over 260,000 users installed fake AI Chrome extensions that used iframe injection to steal browser and Gmail data, exposing ...

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Does vibe coding risk destroying the Open Source ecosystem? According to a pre-print paper by a number of high-profile ...