The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
TMCnet

Blacksmith Raises $10M to Unblock AI Development with Fast CI for GitHub Actions

Since launching out of Y Combinator's Winter 2024 batch, Blacksmith has steadily grown to $1M in ARR, with revenue tripling in just the past four months. More than 800 companies, including Ashby, ...
Visual Studio Magazine

GitHub Tops AI Coding Assistants Report, with Microsoft-Related 'Cautions'

Gartner's new Magic Quadrant for AI Code Assistants report shows GitHub Copilot leading the market while forecasting ...
Ervik.as

Wormable Malware Causing Supply Chain Compromise of npm Code Packages

Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel self-replicating credential-stealing code in yet another wave of a supply chain ...
Visual Studio Magazine

GitHub Spec Kit Experiment: 'A Lot of Questions'

Microsoft has published a new post explaining GitHub Spec Kit, clarifying its experimental approach to spec-driven ...
InfoWorld

Smoother Kubernetes sailing with AKS Automatic

A good middle ground between AKS and ACI, AKS Automatic makes running cloud-native applications easier for companies without ...
CDOTrends

The Abyss of the Salesloft-Salesforce Breach May Reach the Challenger Deep

Various human-element breach types and tactics will spring up in the coming weeks and months based on the data that was extracted, requiring specific tech and process controls. Your email, messaging, ...