NPM Staged Publishing: $50M Attack Forces Security Shift
npm announced staged publishing in January 2026, requiring review periods before packages go live. The move follows December’s classic token revocation that broke ...
VS Code Fork Vulnerability: 500 Devs Hit by Supply Chain Attack
The Hidden Vulnerability Your AI-powered coding assistant may have just recommended malware. Security researchers at ...
IBM API Connect 9.8 CVSS Auth Bypass Hits 1,000+ Firms
A critical authentication bypass vulnerability in IBM API Connect allows remote attackers to gain unauthorized ...
38 State Tech Laws Hit Jan 1, 2026: AI Transparency Clash
On January 1, 2026, developers woke up to a new reality: 38 state tech laws ...
React2Shell: 90K+ Next.js Apps Hit by 10.0 CVSS RCE
Within hours of its December 3, 2025 disclosure, China state-sponsored hackers were already exploiting it. ...
API Security 2026: 99% Hit, 400% Surge, $186B Cost
Ninety-nine percent of organizations suffered at least one API security incident in 2025. API attacks surged 400% within months. The damage: $186 billion ...
California DROP: Delete Data From 500+ Brokers Now
California just automated privacy rights enforcement at scale. The state launched DROP (Delete Request and ...
Microsoft Kills Windows Offline Activation After 24 Years
Microsoft killed Windows phone activation on Dec 3, 2025, forcing users to an online portal ...
Rust Enterprise Migration 2026: Microsoft, Google, Meta Race to Replace C++
CISA’s January 1, 2026 deadline for memory safety roadmaps has transformed Rust from a developer ...
SBOM Compliance Gap: 48% Failing, $60B Lost in Attacks
Despite widespread regulatory mandates, 48% of security professionals admit their organizations are falling behind SBOM ...
