The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Macworld

Running Windows on your Mac? If you’re coding, you need this $33 Microsoft tool (MSRP $500)

TL;DR: Conquer coding with this license to Microsoft Visual Studio Professional 2026, now only $32.97 (MSRP $499.99) through ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...

Niteshift Raises $7 Million Seed Round to Power the Cloud Platform for AI Coding Agents

In a round led by Greylock, Niteshift launches general availability of its full-stack cloud platform, giving coding agents a ...

OpenAI to cut AI pricing amid growing competition from Anthropic: Report

OpenAI plans to reduce AI pricing to attract more enterprise customers, competing with Anthropic ahead of their IPOs.
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

New Relic Introduces AI Coding Observability to Bring Critical Visibility and Governance to AI Coding Assistants

New Relic, the Intelligent Observability Company, today announced development of a new open-source feature called New Relic AI Coding Observability, an observability solution designed specifically for ...

The head of Claude Code hasn’t ‘written a line of code by hand’ in 8 months

Boris Cherny was asked at Brainstorm Tech if he was concerned about the rapid progress of AI: "Yes." ...