Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
SecurityWeek

‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems

SymJack’ attack shows how AI coding agents can be manipulated through malicious repositories and MCP servers to steal data and enable software supply chain attacks.
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
Android Authority

You're not alone: a bug is sending YouTube's web player into an infinite loop of lag

YouTube’s web player apparently has a rendering bug that sends browsers into an infinite loop of visual changes. The constant page rendering loop is causing ...
adtmag.com

More Code, More Bugs: Faros Report Finds Tradeoffs In AI-Driven Software Development

Output rose sharply: Faros found that higher AI adoption was associated with a 34% increase in task completion per developer and a 66% increase in epics completed per developer. Quality and review ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
Futurism

Claude Leak Shows That Anthropic Is Tracking Users’ Vulgar Language and Deems Them “Negative”

Add Futurism (opens in a new tab) More information Adding us as a Preferred Source in Google by using this link indicates that you would like to see more of our content in Google News results. AI ...
MacRumors

Claude Code Users Report Rapid Rate Limit Drain, Suspect Bug [Update]

Claude Code users have been flooding GitHub and Reddit over the last few days with complaints that their usage limits are being exhausted at a suspiciously fast rate, with many reporting that sessions ...
WMUR

Consumer Reports tests portable carbon monoxide detectors to help protect travelers

INEXPENSIVE DEVICE COULD SAVE YOUR LIFE. SO MY PARENTS WERE ON VACATION IN A HOTEL WHEN THEY WERE FOUND DEAD IN THEIR HOTEL ROOM. CHRIS HUGHES CHILD’S PARENTS DIED FROM A CARBON MONOXIDE LEAK AT A ...
ZDNet

AI is getting scary good at finding hidden software bugs - even in decades-old code

AI is proving better than expected at finding old, obscure bugs. Unfortunately, AI is also good at finding bugs for hackers to exploit. In short, AI still isn't ready to replace programmers or ...
ZDNet

This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here's how

Anthropic launches AI agents to review developer pull requests. Internal tests tripled meaningful code review feedback. Automated reviews may catch critical bugs humans miss. Anthropic today announced ...