The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
ZDNet

I use these 10 secret Netflix codes to find hidden movies - here's how to enter them

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
The Hacker News

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source ...
Ars Technica

Microsoft open-sources “the earliest DOS source code discovered to date”

Several times in the last couple of decades, Microsoft has released source code for the original MS-DOS operating system that kicked off its decades-long dominance of consumer PCs. This week, the ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Summary: Lovable, the $6.6 billion vibe coding platform with eight million users, has faced three documented security incidents exposing source code, database credentials, and thousands of user ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Birgitta Böckeler, Distinguished Engineer at ...
ZDNet

How I set up Claude Code in iTerm2 to launch all my AI coding projects in one click

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
The New York Times

The Big Bang: A.I. Has Created a Code Overload

Companies are scrambling to deal with the glut. Credit...Mojo Wang Supported by By Mike Isaac and Erin Griffith Reporting from San Francisco When a financial services company recently began using ...