Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...

In a surprise twist, Anthropic has acquired Bun, the popular JavaScript runtime, igniting discussions within the developer ...

Claude Code Dynamic Workflows, launched May 28, 2026, replaces context-window orchestration with a JavaScript script Claude writes on the fly for each task. Runs cap at 1,000 parallel subagents with ...

The developers of the JavaScript runtime Bun have decided to largely rewrite the platform in Rust. In doing so, the project is moving away from Zig, the programming language that made Bun famous in ...

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been merged to the main Bun repository. This comes just days after its author, ...

This week, the Zig Software Foundation reinforced its ban on LLMs for issues and pull requests. Anthropic-owned runtime Bun which joined Anthropic last December is already paying the cost. The maker ...

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...

Bun, founded by Jarred Sumner in 2021, offers an all-in-one toolkit that combines runtime, package manager, bundler, and test runner capabilities. The JavaScript runtime has been downloaded over 7 ...