Node.js 24: A faster, sleeker JavaScript experience

Node.js 24 has officially arrived, and it’s bringing a rather tasty selection of improvements to the table.

If you're a developer knee-deep in web apps or wrestling with asynchronous code, this release is one for you. It’s all about making Node.js quicker on its feet, more versatile, and even more in tune with the latest JavaScript standards.

V8 engine revs up to 13.6

So, what’s making Node.js 24 tick? A big part of it is the V8 JavaScript engine – yep, the...

Apple adds official Vision Pro support to Godot game engine

Apple has begun contributing official support for its Vision Pro headset to the popular Godot game engine. Ricardo Sanchez-Saez, a senior iOS engineer working on Apple's visionOS team, announced the effort via a pull request (PR) submitted to the Godot project on GitHub.

This first contribution lays the foundational groundwork for running Godot applications natively on the visionOS platform.

"We're really excited to be working with the Godot community on adding visionOS...

EU DMA: Apple and Meta hit with first major fines

The EU has flexed its regulatory muscles under the new Digital Markets Act (DMA), imposing hefty fines on Apple and Meta for non-compliance. In its first enforcement actions of this kind, the Commission levied a €500 million fine against Apple and a €200 million fine against Meta.

The EU Commission found Apple breached its obligations regarding "anti-steering" practices within its App Store, while Meta was found to have failed to provide users with adequate choice concerning...

Masquerading payment npm package installs backdoor

Cybersecurity researchers at Socket have uncovered a malicious npm package that hijacks server control during payment transactions.

The package, @naderabdi/merchant-advcash, masquerades as a legitimate integration for the digital payment platform Advcash (now rebranded as Volet). The package embeds a reverse shell activated after successful payments that enables attackers to remotely commandeer systems.

Advcash, though niche compared to mainstream services like PayPal,...

Google enhances Android Studio with enterprise Gemini AI tools

Google has unveiled new enterprise Gemini AI tools in Android Studio, tailored to meet enterprises' privacy, security, and management demands.

The update aims to empower organisations by integrating AI-powered coding assistance while addressing concerns around data protection and intellectual property (IP).

Sandhya Mohan, Product Manager for Android at Google, explained: “We’ve heard that some people at businesses have additional needs that require more sensitive data...

Security flaws hit PyTorch Lightning deep learning framework

Popular deep learning framework, PyTorch Lightning, has been found to contain multiple critical security flaws.

The deserialisation vulnerabilities, identified under the reference VU#252619, impact all versions of the framework up to and including version 2.4.0 and could potentially allow attackers to execute arbitrary code by loading untrusted model files.

The discovery of these vulnerabilities was made by Kasimir Schulz from HiddenLayer and the disclosure was...

Why developer-centric AI will transform business

Today, GenAI sits at the forefront of innovation, with millions across the UK utilising its capabilities to elevate their work, and nearly three-quarters of these users reporting a significant boost in productivity. Yet, this wave stands apart from previous technological booms because developers, instead of operating behind the scenes, are now taking centre stage. In earlier movements, developers served as invisible architects bringing others’ visions to fruition. Now, with GenAI, they...

Python proposes standardised lock file format with PEP 751

The Python community is set to adopt PEP 751, an enhancement aimed at improving dependency management and installation reproducibility.

PEP 751 introduces a standardised file format, pylock.toml, designed to create an immutable record of both direct and indirect dependencies for Python environments. Recently marked as 'Accepted,' the proposal promises to streamline workflows, enhance security, and foster greater interoperability between various Python packaging...

Website hijack campaign now impacting 150,000 sites

A sophisticated website hijack campaign initially detected in February has seen a dramatic escalation, with security analysts now estimating that approximately 150,000 websites have been compromised.

The initial discovery flagged over 35,000 targeted websites. Himanshu Anand, a software engineer and security analyst at c/side, has continued to monitor the threat actor's activities and uncovered new tactics and techniques employed in this expanding operation.

What's new in...

Critical security flaw uncovered in Next.js framework

A critical security flaw has been discovered in the popular Next.js framework, potentially impacting millions of websites and applications.

Security researchers Rachid Allam, known online as zhero, and Yasser Allam (inzo_) collaborated to uncover the flaw within the framework's middleware functionality.

Next.js, boasting over 130,000 stars on GitHub and nearly 10 million weekly downloads, is a framework built upon React. Its extensive feature set makes it a popular...