CSO Online

Claude in Chrome is taking orders from the wrong extensions

Security researchers warn that Anthropic’s Claude in Chrome extension can be abused by malicious extensions that exploit ...
Visual Studio Magazine

VS Code 1.119 Adds Agent Browser Sharing, OpenTelemetry Tracing

The new weekly update focuses on agent workflows, observability, trust controls, Markdown usability and engineering changes.
Hosted on MSN

White House app found with hidden GPS tracking, weak security

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code ...
Boing Boing on MSNOpinion

Security researcher tears apart White House app and finds a tracking and security nightmare

A security researcher who decompiled the White House's new mobile app says it contains hidden GPS-tracking capabilities, weak ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming

Recently, The White House launched its own official app on iOS and Android, claiming that it gives users "unparalleled access ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Decrypt

You Installed Hermes. Now Make It Look Better Than ChatGPT or Claude

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Zed team releases version 1.0 of Rust-built editor: Traditional editor and AI tool

Team wins praise for adding 'disable all AI features' setting for devs who want a code editor to be only a code editor ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...