For nineteen years, Pwn2Own has been the place where elite security researchers demonstrate zero-day exploits against real targets for cash prizes.
Georgia Tech's Vibe Security Radar project has been quietly counting since May 2025.
Two days ago at Red Hat Summit, the company that built its reputation on enterprise Linux announced something unexpected: your developer laptop needs...
Last Tuesday, Vercel and the React team dropped thirteen security advisories at once. Not a typo.
Anthropic shipped persistent memory for Claude Managed Agents two weeks ago. Rakuten says their agents cut first-pass errors by 97%.
Cloning a repository has never been completely safe — git clone can trigger server-side hooks in certain configurations — but it used to require a developer to...
A WHERE clause fixed multi-tenancy in 2015. Your SaaS app had one database, one schema, and a tenant_id column on every table.
Ox Security dropped a report on April 15 calling it "the mother of all AI supply chains."
Every major framework — LangChain, CrewAI, OpenAI Agents SDK, Google ADK — makes it trivially easy to give an agent the ability to send emails, execute code,...
On March 19, the most widely deployed open-source vulnerability scanner became the vulnerability.
Two critical vulnerabilities rocked the React and Next.js ecosystem in 2025.
Sometime in early 2026, we quietly crossed a line that would have sounded absurd three years ago: more than half of all code committed to GitHub is now either...
Chrome 142 introduced the Local Network Access permission prompt last year, and most developers shrugged.
Last month, researchers at Token Security dropped a vulnerability report that should have made every MCP server operator lose sleep.
Sometime in early 2026, we crossed an invisible line: more than half of all code committed to GitHub was either generated or substantially assisted by an AI...
Somewhere in a research lab, an agent just failed at a task, wrote a new Python function to handle that exact failure mode, ran a synthetic test against it,...
Every web app that accepts user HTML has the same dependency buried somewhere in its node_modules: DOMPurify.
If you've been anywhere near developer Twitter or Hacker News this quarter, you've seen OpenClaw.