A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows ...
AI is generating code faster than humans can ever hope to verify. If your QA strategy hasn't evolved to match the speed of AI ...
The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Autonomous artificial intelligence-powered software testing tool TestSprite Inc. today announced that the company has ...
A github.dev flaw could let attackers steal GitHub OAuth tokens through a one-click attack, exposing private repositories and ...
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...
JavaScript is dynamically typed, meaning the data type of a variable can change during the execution of a program. Data type coercion can occur, where values are implicitly converted from one type to ...