OSTechNix

JavaScript Timestamp Bugs: How UTC Mistakes Break Web Apps

Learn how a single JavaScript Date() timezone mistake silently corrupts web apps and how to fix timestamp bugs in JS, Python, ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
CSO Online

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Hoodline

Bun B Turns Sugar Land Into Ridin' Dirty Country For One-Night Throwdown

Speaking with CultureMap Houston, Bun B called Ridin’ Dirty “the seminal UGK album” and admitted “it's something we'll have ...

Bun posts Rust porting guide, says rewrite is still half-baked

Bun creator Jarred Sumner has posted a Zig-to-Rust porting guide, igniting speculation that the project may migrate away from ...
Hosted on MSN

Coinbase backs CLARITY Act as PyTorch Lightning malware uncovered

Coinbase executives are pressing Congress to move forward with the bipartisan CLARITY Act, which would limit certain stablecoin rewards while preserving usage-based incentives, as security researchers ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...
WinBuzzer

Zig Reinforces LLM Contribution Ban As Anthropic-Owned Bun Forks 4x Gain

The Zig Software Foundation has reinforced its blanket ban on LLM-authored issues and pull requests, and Bun’s 4x Bun-compile ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
theregister

Anthropic bakes memory fixes into Bun 1.1.13 as developers complain of leaks

A new version of the Bun JavaScript runtime and toolkit is out with enhanced testing support and improved memory management. The latter is a critical issue to devs and follows complaints of memory ...