Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
VS Code 1.127 enhances agent session management, introduces per-site browser permissions, and makes browser tools for agents ...
LayerX found that BioShocking could trick AI browsers into leaking credentials by disguising malicious prompts as game rules.
Apple is introducing a new MCP server for Safari that lets coding agents inspect websites directly in the browser. Here are the details.
A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
As tools like Claude Code get better, more and more developers are happy to hand off coding tasks to them. The way software gets built has changed for good. The vibes were strong at Code with Claude, ...
GitHub, the popular developer platform owned by Microsoft, confirmed it was hacked and attackers had stolen data from around 3,800 internal code repositories. The code hosting and sharing giant said ...
Preview of new companion app allows developers to run multiple agent sessions in parallel across multiple repos and iterate on human and agent reviews. Visual Studio Code 1.115, the latest release of ...
We love a good ol’ social media roast, and Y Combinator CEO Garry Tan found himself on the business end of a doozie Wednesday. Absolutely insane week for agentic ...