North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.

Are AGENTS.md files actually helping your AI coding agents, or are they making them stupider? We dive into new research from ETH Zurich, real-world experiments, and security risks to find the truth ...

AI-generated. Cursor AI, Replit Agent, GitHub Copilot let non-devs build apps. Pricing, pitfalls, UK data protection rules — ...

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly installed OpenClaw on developers' machines without their ...

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.

Free AI tools Goose and Qwen3-coder may replace a pricey Claude Code plan. Setup is straightforward but requires a powerful local machine. Early tests show promise, though issues remain with accuracy ...

Hello, and welcome back to Fast Company’s Plugged In. “Programming, as it turns out, is just typing.” Talking at Cisco’s AI Summit in San Francisco on February 3, Nvidia CEO Jensen Huang made that ...