CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

This viral vibe-coded game turns Google Maps into a time machine

That is the question that WenWare adds to the formula of GeoGuessr, a popular game that shows Google Maps locations all over ...
Communications of the ACM

Good Vibes: AI Coding Tools and Platforms

Technology that helps write computer code is not new, but advances in generative AI (GenAI) and agentic AI have catapulted ...
InfoWorld

Four cutting-edge tools for spec-driven development

Kiro, Spec Kit, Tessl, and Zenflow offer a more systematic and structured approach to developing with AI agents than vibe ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
The Caledonian-Record

Phancy Group Ranked Number One in China’s Machine Learning Platform Market for the 8th Consecutive Year

IDC today released its China AI Software Market Semi-Annual Tracker, 2025H2 report. According to the report, Phancy Group ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
Analytics Insight

Top Careers for Software Engineers to Explore in 2026

Overview:  AI, cloud computing, cybersecurity, and automation are creating some of the highest-paying career opportunities ...
CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Infosecurity Magazine

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

A critical vulnerability in the Cline Kanban server has been disclosed that allows any website a developer visits to silently ...