News

Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
The Register on MSN2d
Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
The "is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was ...
Dynamsoft Barcode Reader JavaScript SDK v11.0 Improves Accuracy and Performance with Advanced Deep Learning and Algorithm Enhancements
Dynamsoft has announced the release of version 11.0 of its Barcode Reader SDK for JavaScript edition, introducing ...
Visual Studio Magazine5d
Forked Again: AWS's Kiro Is Latest AI Assistant Based on VS Code
AWS has launched Kiro, a spec-driven, agentic AI IDE based on Visual Studio Code. It joins a growing lineup of VS Code forks ...
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into ...
Cybernews8d
Hackers are weaponizing open-source. Developers are swallowing the bait
Hackers are flooding open source repositories with malware designed to steal secrets, hijack cloud accounts, and quietly ...
JavaScript: Major release Nuxt.js 4.0 introduces new directory structure
The new major release includes improved project organization through the app directory structure and enhanced TypeScript ...
Mitigating the risks of package hallucination and 'slopsquatting'
In 2024, cybersecurity experts started to warn of a new threat to the software supply chain. Named 'slopsquatting', it is a ...
Vibe Coding Is the Future of Programming. Here’s How Your Company Can Get on Board
Advancements in AI mean that people can create software just by describing it. Consider this your vibe coding primer.
Meta’s New Superintelligence Lab Is Discussing Major A.I. Strategy Changes
Members of the lab, including the new chief A.I. officer, Alexandr Wang, have talked about abandoning Meta’s most powerful ...
Malicious VSCode extension in Cursor IDE led to $500K crypto theft
A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one ...