An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

CodeRabbit's $60M funding highlights enterprise need for AI code review platforms, with organizations seeing 25% efficiency ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

MEM Agent combines privacy, local memory, and AI integration to streamline workflows while keeping your data safe and secure ...

GPT-5-Codex now extends this unified setup with deeper engineering capabilities — even running "independently for more than 7 ...

Microsoft has published a new post explaining GitHub Spec Kit, clarifying its experimental approach to spec-driven ...

At DjangoCon US 2025, speakers emphasized seasoned tech over hype, featuring secure GitOps workflows, simpler frontend ...

This repo contains the source code for running a local MCP server that interacts with APIs for Google Analytics. Join the discussion and ask questions in the 🤖-analytics-mcp channel on Discord.