Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.