Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Hackaday

Automatic Tutorial Generator Is Perhaps The Best-Case For Vibe Coding

Quick question: how did you learn to code? It probably wasn’t bribing someone a year or two ahead of you in CS to finish all ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

âš¡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
The Washington Post

AI is transforming Indian call centers. What does it mean for workers?

GURGAON, India — For three years, Kartikeya Kumar hesitated before picking up the phone, anticipating another difficult conversation with another frustrated customer. The call center agent, now 29, ...
The Guardian

‘I felt like I’d stumbled on a cheat code’: what is the burned haystack dating method?

Being on dating apps can feel like looking for a needle in a haystack – so Dr Jennie Young devised a technique to burn it down and find better matches It was 2023, and Dr Jennie Young was sick of ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
Business Line

Port workers’ federations call for agitation against new labour codes

The National Coordination Committee of Port and Dock Workers Federations has urged port managements to refrain from implementing the new labour codes, warning of intensified agitation if worker ...
Business Insider

A 4 a.m. scramble turned Anthropic's leak into a 'workflow revelation'

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Sigrid Jin woke up at 4 a.m. on Tuesday. His phone was "blowing up" with the Claude Code leak. The ...
VentureBeat

Claude Code's source code appears to have leaked: here's what we know

VentureBeat made with Google Gemini 3.1 Pro Image Anthropic appears to have accidentally revealed the inner workings of one of its most popular and lucrative AI products, the agentic AI harness Claude ...