A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

The Build 2026 keynote was overly-long, in keeping with tradition. But there was some good news for Windows developers too.

VS Code might be what you're used to, but there's a lot more to see when it comes to code editors. Here's a few options.

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...

Hacked code repository GitHub warned administrators of self-hosted git servers to rotate public encryption keys following a May 18 incident involving a poisoned VS Code extension used by an employee.

ESPHome 2026.5.0 has just been released with the beta version of the new ESPHome Device Builder web app that replaces the legacy in-tree dashboard with a real configuration editor, a firmware job ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.