Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

The company provides a handful of example extensions that include the ability to bulk rename tracks, sketch out song ...

An "experimental playground" and free JavaScript toolkit released today, Extensions SDK can "expand, reshape and customize" ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Malicious Sicoob.Sdk stole PFX certificates and client IDs via NuGet downloads, enabling API impersonation and payment abuse risks.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

From SpaceX’s record IPO plans to AI product launches, cyberthreats, layoffs, and legal fights, this week showed AI’s growing grip on tech.

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model performance.

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage over rivals' developer ecosystems.