CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
InfoWorld

4 cutting-edge tools for spec-driven development

Kiro, Spec Kit, Tessl, and Zenflow offer a more systematic and structured approach to developing with AI agents than vibe ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Communications of the ACM

Good Vibes: AI Coding Tools and Platforms

Technology that helps write computer code is not new, but advances in generative AI (GenAI) and agentic AI have catapulted ...

This viral vibe-coded game turns Google Maps into a time machine

That is the question that WenWare adds to the formula of GeoGuessr, a popular game that shows Google Maps locations all over ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

The updated SHub stealer variant is called Reaper, and it uses macOS Script Editor, pre-populated with the malicious payload ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.

OpenAI Deepens India Push With Bengaluru Hiring for Startup AI Deployment

OpenAI is expanding its India AI push with a Bengaluru-based hiring drive focused on startup deployments, enterprise AI ...