New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

New GitHub Zero-Day Exposed Developer Tokens to Attackers

A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
InfoWorld

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...
GitHub

GitHub - microsoft/coreutils: Coreutils for Windows: Installer & Packaging

UNIX-style core utilities for Windows. The same commands and pipelines you use on Linux, macOS, and WSL - natively. PowerShell 7.4 or newer is required. Older ...

Mistral Vibe: Trying out the new agentic Work and Code interfaces

French AI manufacturer Mistral renames the user interface of its LLM models, stepping into the agentic era of AI applications. Moving away from a purely chat-focused interface towards a central ...

Are designers the new SWEs? Figma Make's new two-way GitHub integration turns designs into live, production code — with built-in governance

From an enterprise governance perspective, this means visual AI edits are subject to the exact same continuous integration ...
The Hacker News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm package downloaded 676 times stole Claude AI files via GitHub uploads, increasing AI-driven malware risks.

My new favorite Windows app made my PC safer and more reliable - and it's free

Downloading executable installer files from random websites is the best way to put malware on your Windows PC. Stop doing ...
The Hill

Pentagon releases new batch of UFO files

The second drop includes over 40 videos requested by lawmakers, along with a few files and some audio from NASA missions. The files include written statements about an unidentified object incident ...
TechCrunch

Research repository ArXiv will ban authors for a year if they let AI do all the work

ArXiv, a widely used open repository for preprint research, is doing more to crack down on the careless use of large language models in scientific papers. Although papers are posted to the site before ...
The Conversation

New UFO files offer no answers – but something is happening in the skies

The US Government has released a new trove of documents on various cases of “Unidentified Anomalous Phenomena” (UAPs) – many of which would have been described in the past as Unidentified Flying ...