Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

No-JavaScript fallbacks in 2026: Less critical, still necessary

Rendering isn’t always immediate or complete. Learn where no-JavaScript fallbacks still protect critical content, links, and ...

OpenAI Says Codex Agents Are Autonomously Running Its Data Platform

Inside OpenAI’s ‘self-operating’ infrastructure, where Codex-powered AI agents debug failures, manage releases, and compress ...
The Guardian

Claude’s code: Anthropic leaks source code for AI software engineering tool

Nearly 2,000 internal files were briefly leaked after ‘human error’, raising fresh security questions at the AI company Anthropic accidentally released part of the internal source code for its ...
Business Insider

Anthropic accidentally exposed part of Claude Code's internal source code

Anthropic accidentally leaked some source code for Claude Code, its AI-powered coding assistant. The company said the leak did not include sensitive customer data or credentials. Anthropic recently ...
TechRadar

Anthropic confirms it leaked 512,000 lines of Claude Code source code — spilling some of its biggest secrets

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Anthropic employee accidentally leaked Claude Code source via npm map file Leak exposed 1,900 ...
The Hacker News

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a ...
NDTV

Anthropic's AI Coding Tool Leaks Its Own Source Code For The Second Time In A Year

Anthropic, the American artificial intelligence company behind the Claude family of AI models, has once again inadvertently exposed the complete source code of its AI coding tool, Claude Code, through ...
Gizmodo

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

Anthropic just cannot keep a lid on its business. After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and blog posts in a publicly ...
IEEE

InspectJS: Leveraging Code Similarity and User-Feedback for Effective Taint Specification Inference for JavaScript

Abstract: Static analysis has established itself as a weapon of choice for detecting security vulnerabilities. Taint analysis in particular is a very general and powerful technique, where security ...
theregister

Anthropic goes nude, exposes Claude Code source by accident

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI ...
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...