With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

CISA, the US government agency whose entire job is keeping America’s critical infrastructure safe from hackers, has had a ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

Claude Code has made the digital photo tool Adobe Lightroom functional on Linux. The project began with a very simple prompt.

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...

Some time earlier this year, an employee at tech giant Meta built a system to track how much each staff member was using artificial intelligence (AI). Named “Claudeonomics” after the Claude chatbot, ...