The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
TechCrunch

Someone has publicly leaked an exploit kit that can hack millions of iPhones

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users that used an advanced hacking tool called DarkSword. Now someone has leaked a newer version of DarkSword and ...
The Verge

GitHub adds Claude and Codex AI coding agents

Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. Microsoft-owned GitHub continues to embrace OpenAI and Anthropic AI advances. is a senior correspondent and author of ...
Business Insider

Tailwind lays off 75% of its 4-person engineering team, citing 'brutal impact AI has had on our business'

You're currently following this author! Want to unfollow? Unsubscribe via the link in your email. Tailwind laid off 75% of the startup's engineering staff on Monday — and its CEO blames AI. "75% of ...
CSOonline

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...
Midland Daily News

SK Siltron CSS to consolidate local production at one Bay County site

MONITOR TWP — SK Siltron CSS is moving production work from its Auburn-area facility to its site on Straits Drive in Monitor Township. The company said the move is part of an operational restructuring ...
The Verge

GitHub is launching a hub for multiple AI coding agents

Developers can soon try coding agents from OpenAI, Anthropic, Google, and more, alongside GitHub Copilot. Developers can soon try coding agents from OpenAI, Anthropic, Google, and more, alongside ...
The Hacker News

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of ...
aha.org

Site-Neutral Payment

Americans rely heavily on hospitals to provide 24/7 access to care for all types of patients, to serve as a safety net provider for vulnerable populations, and to have the resources needed to respond ...
InfoWorld

Vibe coding with GitHub Spark

It’s taken some time for GitHub Spark, GitHub’s new AI-powered coding platform, to go beyond its initial small, closed beta. However, it’s now available to anyone with a GitHub CoPilot+ subscription, ...