GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
InfoQ

AI-Powered Bot Compromises GitHub Actions Workflows Across Microsoft, DataDog, and CNCF Projects

AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub ...
CoinDesk

Crypto code commits fall 75% as developers move to AI projects

Developers are shifting toward artificial intelligence infrastructure as blockchain ecosystems lose contributors across major networks, from Ethereum to Solana.
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

This hands-on PoC shows how I got an open-source model running locally in Visual Studio Code, where the setup worked, where it broke down, and what to watch out for if you want to apply a local model ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
BeInCrypto

Crypto Developer Activity Drops 75% — But the Real Story Isn’t All Bad

The number of active crypto developers has fallen 50% over the past year, while overall activity dropped 75%. Why are they working less?

I ditched modern habit trackers for this simple app that made me more productive

Just under a decade ago, while juggling university assignments, part-time jobs, and social obligations, I stumbled across a ...