Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
TMCnet

AgileAI Labs Unveils Spec2TestAI's Natural Language No-Code Automated Testing Tool

Software Development Teams build an end-to-end project knowledge base that self-improves generating enhanced, fully traceable ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

OpenAI launches new initiative to help find and patch open source bugs

OpenAI announced a new initiative on Monday designed to help the open source community improve its cybersecurity game and ...
OS X Daily

Need Java on MacOS? Here’s How to Install Java (JDK/JRE) on Mac with Eclipse Temurin

Need to install Java on your Mac to run a particular application? While most Mac users will never need Java, there are ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Minecraft's Chaos Cubed Update Is Now Live, Here Are The Patch Notes

Ahead of the release of Minecraft on the Switch 2 later this year, Mojang has this week released the new update Chaos Cubed.

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...

Oracle Announces New NetBeans IDE Release With Comprehensive Support for Java 8

Web and application developers are facing continuing pressure for efficiency and are seeking to adopt the latest standards and advancements in the Java language and platform. To address this need, ...
ZDNet

10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Open-source repositories are collapsing under the strain of 10 trillion downloads annually. All the major repositories are joining together to tackle this problem. While a lack of funds is a major ...
Bloomberg L.P.

Anthropic Rushes to Limit Leak of Claude Code Source Code

Anthropic PBC is rushing to address the inadvertent release of internal source code behind Claude Code, an AI-powered assistant that has become a key moneymaker for the company. Thousands of copies of ...