TanStack Supply Chain Attack: Audit Your CI Now
84 malicious TanStack npm packages published in 6 minutes via GitHub Actions hijack. Check your lockfile, rotate credentials, and harden your CI now.
vLLM v0.21.0: Spec Decode for Reasoning Models — Upgrade Now
vLLM v0.21.0 ships thinking-budget-aware speculative decoding, KV offload + HMA integration, and a Blackwell MLA ...
OpenAI Daybreak: AI Vulnerability Detection Is Now in Your Dev Pipeline
OpenAI Daybreak uses Codex Security to map attack paths, validate exploits in a sandbox, and ...
node-ipc Compromised: Rotate Your CI Secrets Now
node-ipc versions 9.1.6, 9.2.3, and 12.0.1 were compromised via an expired email domain. 90+ credential ...
Valkey 9.1: HGETDEL, MSETEX, and GLIDE Goes C# and PHP
Valkey 9.1 ships HGETDEL, MSETEX, and CLUSTERSCAN — three commands Redis never built. Plus 20% ...
AI Memory Shortage 2026: Developer Hardware Costs Spike
AI data centers now consume 70% of all memory chips worldwide. DDR5 prices doubled, NVIDIA skipped 2026 GPUs. Here is what developers must ...
Socket Raises $60M as AI Code Creates Supply Chain Crisis
Socket hit a $1B valuation blocking 1,000+ supply chain attacks weekly. Here’s why AI coding ...
Google API Keys Active 23 Minutes After Deletion — Won’t Fix
Deleted Google API keys stay active up to 23 minutes. Google closed the report as ...
Microsoft Defender CVE-2026-41091: Patch Now or Lose SYSTEM
CVE-2026-41091 and CVE-2026-45498 actively exploited in the wild. Check your Defender engine version now — ...
Semantic Kernel CVE-2026-25592 & CVE-2026-26030: Patch Now
Microsoft disclosed two critical Semantic Kernel RCE flaws on May 7. Learn how prompt injection ...