Starting on June 11, 2026, the Arch User Repository (AUR) was targeted by malware which rapidly compromised over 1,500 packages. The AUR repository allows for abandoned community packages to be taken ...

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.

Developers on edge: React exploit exposed Posted: 1 June 2026 | Last updated: 1 June 2026 The React.js framework is reeling from the discovery of a critical vulnerability, CVE-2025-55182, that poses ...

CVE-2026-48907 in the Joomla JCE plugin lets unauthenticated attackers drop PHP web shells with a single crafted request.

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

As the Village Voice’s Lisa Jones discovered when she went to Florida to cover the trial, teenage girls had a fairly blasé ...

Z.ai pitches GLM-5.2 for long-running software engineering tasks The open-source model combines a one-million-token context window with architectural updates aimed at lowering the cost of ...

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

It sped up the typing, and let me skip having to master every layer to ship something useful. (I know how to drive a car, but I cannot bore an engine block). A couple things I took away: Constraints ...