Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...

Microsoft Research has released Webwright as a terminal-native web agent framework that turns browser tasks into rerunnable Playwright code and logs for teams.

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Apple launches Safari Technology Preview 244 with fixes for JavaScript, Web APIs, security, rendering, and more.

Google recently published – and then quickly hid – a potentially dangerous bug found in the Chromium web browser. The ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Google announced over a dozen new features and changes for its Chrome web browser during its Google I/O conference today.

Meta opened its $799 Ray-Ban Display to web-app developers and added handwriting input, screen recording, expanded walking ...

Meta is throwing open the doors to its Ray-Ban Display glasses. Starting today, developers can build third-party apps for the smart glasses using either a native mobile SDK (Swift or Kotlin) or web ...