Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Apple's platform rules stop ChatGPT from becoming a superapp

OpenAI is working on a project to consolidate ChatGPT, coding tools, and a browser into one app. Apple's iOS platform restrictions will prevent it from becoming a true all-in-one platform on the ...
Indiatimes on MSN

Vibe coding: Where your ideas matter more than syntax

Vibe coding is transforming how software is built by allowing users to create apps through simple prompts instead of ...
Startup Fortune

Google Solves AI Coding Agents’ Stale Code Problem

Google has improved its AI coding agents to stop generating outdated, deprecated code, addressing a key trust barrier for ...
Foreign Affairs

The Iran War Comes to Iraq

The U.S.-Israeli war against Iran has triggered one of the Middle East’s long-feared nightmares: a full-blown regional conflagration. The expansion of the conflict has had especially significant ...