APT28 hackers deploy customized variant of Covenant open-source tool

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation ...

Intel rolls out XeSS 3.0 with multi-frame generation, but it's still locked to Windows

The SDK introduces a substantial technical leap in multi-frame generation (MFG). By inserting up to three AI-generated frames, MFG can boost performance by up to 4x, ...

Inside OpenAI’s Race to Catch Up to Claude Code

Anthropic, a smaller rival started by OpenAI defectors, has found runaway success with its programming agent, Claude Code.
InfoQ

Cloudflare Releases Experimental Next.js Alternative Built with AI Assistance

Cloudflare released vinext, an experimental Next.js reimplementation built on Vite by one engineer, with AI guidance over one ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...