Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
SecurityWeek

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Amazon Q vulnerability could allow attackers to steal developer cloud credentials by luring them into opening a booby-trapped ...
How-To Geek on MSN

I stopped maintaining 30 JSON files by hand with this one tool

Connect all your configuration files and autogenerate code—Jsonnet is the missing piece for large code bases.
XDA Developers on MSN

7 little-known VS Code extensions that prove it's more than just an IDE

VS Code’s secret weapons ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until explicitly approved — closing a long-standing supply-chain vulnerability. Linux ...
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR), generalized to a campaign-based architecture that handles multiple concurrent and historical ...
GitHub

Motion Canvas

A TypeScript library that uses generators to program animations. An editor providing a real-time preview of said animations. It's a specialized tool designed to create informative vector animations ...