SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
New Scientist

Flood of AI 'garbage' is pushing open-source developers to the limit

The modern world depends on open-source software maintained by volunteers, but the added demands of checking and fixing ...

The beginner's guide to vibe coding

Everyone from kids to grandmas is vibe coding. Here's an easy guide on how to start.

This AI startup says it saves $30,000 a month because of a quirk in OpenAI and Anthropic's pricing

Foyer uses personal OpenAI and Anthropic accounts to reduce AI costs, with execs saying they save $30k monthly versus ...
Memeburn

DeepSWE Just Exposed a Big Problem With AI Coding Benchmarks

DeepSWE is changing how AI coding models are tested after exposing benchmark loopholes used by Claude Opus. Here’s why ...
Tech Times

AI vs AI Cybersecurity: Sysdig Documents First LLM-Agent Intrusion in the Wild

AI vs AI cybersecurity arrived in documented form on May 10, when an LLM agent drove a four-pivot intrusion to database exfiltration in under an hour with no human direction. CrowdStrike data puts ...

CrowdStrike and Google shut down glassworm malware network targeting software developers

CrowdStrike, alongside Google and the Shadowserver Foundation, has disrupted the Glassworm botnet used to spread malware through compromised open-source software tools ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...