InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...
The Caledonian-Record

Nerdio Manager for Enterprise 8.0 Delivers New Capabilities to Help Organizations Modernize ...

Nerdio, a leading automated end-user computing (EUC) platform for Windows Cloud solutions, today announced Nerdio Manager for Enterprise 8.0, enabling organizations ...
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...

Amazon employees pushed for Claude Code. Now they're getting it — and Codex, too.

Some Amazon staff had complained about a lack of access to top AI coding tools, arguing the company risked falling behind in ...
Visual Studio Magazine

Special Embrace? VS Code Adapts to Claude Code's Ecosystem

Reflecting a broader trend of Microsoft embracing Claude AI, recent VS Code updates show the company accommodating Claude Code beyond model selection, with support for Claude-specific instruction ...

OpenAI’s Codex now has a tiny AI pet that keeps you updated while you code

OpenAI has introduced Codex Pets, optional animated companions for its Codex desktop app that sit on your screen and track what the coding agent is doing in real time.
WinBuzzer

VS Code Now Stamps GitHub Copilot as Git Commit Co-Author

Visual Studio Code 1.118 now stamps a Copilot co-author trailer on Git commits by default after PR #310226 flipped ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 according to new research

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...