Dark Sky Technology Announces Air-Gapped SBOM Generation for Mixed-Code Development Environments with Bulletproof Trustâ„¢

New capability delivers compliant, rich, analysis-ready SBOMs from a single folder-based workflow—even for mixed and ...
InfoQ

Evaluating AI Agents in Practice: Benchmarks, Frameworks, and Lessons Learned

This article introduces practical methods for evaluating AI agents operating in real-world environments. It explains how to ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
CSO Online

PhantomRaven returns to npm with 88 bad packages

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
InfoQ

AWS Launches Managed Openclaw on Lightsail amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub project is affected by CVE-2026-25253, which enables one-click RCE, with 17,500+ ...

LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a ...
NetEye Blog

Bringing OpenTelemetry to Flutter Android for Client-side Observability

The OpenTelemetry Android SDK ships with capabilities that would take significant effort to replicate in Dart: OkHttp instrumentation and batch processing to reduce network calls and battery ...