SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

How a small-town company that can trace its roots to 1917 is helping fuel the AI boom

But Mr. Thomas has a clear sight line into the AI boom through his role at Hammond, a manufacturer with deep roots in Guelph, ...

Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

Omdia research shows 95% of organizations faced browser-based attacks last year. CrowdStrike's CTO and Clearwater Analytics' ...

A children’s museum dares to choose colour

With its redesign of the Hamilton Children’s Museum, Toronto-based architecture firm Workshop reminds us public buildings don ...
InfoQ

Google Releases Gemma 3 270M Variant Optimized for Function Calling on Mobile and Edge Devices

FunctionGemma is a new, lightweight version of the Gemma 3 270M model, fine-tuned to translate natural language into ...
InfoWorld

16 open source projects transforming AI and machine learning

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...
CSO Online

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
Visual Studio Magazine

What a Difference a VS Code Fork Makes: Antigravity, Cursor and Windsurf Compared

VS Code forks like Cursor, Windsurf, and Antigravity may share a common foundation, but hands-on testing shows they reflect sharply different philosophies around AI autonomy, workflow structure, and ...
InfoQ

Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk

AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source ...
Opinion

How an experienced developer teamed up with Claude to create Elo programming language

Claude Code isn't the only AI-assisted programming method having a moment. AI biz Cursor created a rudimentary browser using OpenAI's GPT-5.2. And developer Ola Prøis used Cursor, powered by Claude, ...