Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Hosted on MSN

Why Anthropic's purchase of Bun surprised everyone

In a surprise twist, Anthropic has acquired Bun, the popular JavaScript runtime, igniting discussions within the developer community. This acquisition comes shortly after unsettling statements were ...
blockchain

Claude Code Launches Dynamic Workflows for Complex Tasks

Anthropic's Claude Code introduces dynamic workflows, enabling AI-powered coding processes that tackle massive engineering projects in parallel. Anthropic has unveiled dynamic workflows for its ...
theregister

Anthropic’s Bun Rust rewrite merged at speed of AI

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been merged to the main Bun repository. This comes just days after its author, ...
Hosted on MSN

A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware into them, and then did something that, according to researchers at Mend.io, ...
Bleeping Computer

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket ...
cybernews

Axios patches critical vulnerability that allows attackers to steal cloud credentials

Just two weeks after a massive supply chain compromise, Axios, a widely used JavaScript library for making web requests, is experiencing another critical threat. It contains a bug that allows ...
LinkedIn

Anthropic's Claude Code Source Leak: What Happened, What It Means, and How Developers Are Reacting

Claude Code-- This is not the Claude AI model itself. It is a separate software tool (a "command-line interface" or CLI) that developers install on their computers to interact with Claude from their ...
LinkedIn

Bun vs. Node.js - first benchmarks from our team

At Pixida we build backend systems of many kinds: data-heavy services, serverless functions and more "classic" business and SaaS applications. In a recent internal TECHTALK, one of our colleagues ...