A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...

Agent HQ provides a single location for managing both local and remote coding agents and introduces a plan agent that breaks ...

A critical security vulnerability in the popular JavaScript library expr-eval allows remote code execution. The bug, with a ...

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to execute malicious code, remotely.

The coordinated campaign has so far published as many as 46,484 packages, according to SourceCodeRED security researcher Paul ...

Besides its lightweight design and compatibility with all major operating systems, a massive collection of extensions is one ...

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along ...

Outside experts who reviewed TikTok's code determined that it wasn't used to collect "data of concern," attorneys told a judge this week.

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...