Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js considers public workflow for low-severity security reports amid AI-driven surge.
Summary
Node.js is contemplating a shift to a public workflow for lower-severity security reports to manage an overwhelming volume, largely attributed to AI-assisted vulnerability discovery. This proposal aims to reserve private embargo handling for high-severity issues, as the current private system is strained by an influx of AI-generated, often reproducible, findings. The project is also exploring AI-assisted triage to further streamline the intake process.
Full text
Security NewsPolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source EcosystemsPolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.By Karlo Zanki - Jul 01, 2026