Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...

Microsoft Launches winapp to Simplify Windows App Development

Microsoft’s new winapp CLI simplifies Windows app development with one-command setup, faster testing, and easier packaging.

How to help clients manage a grey divorce after retirement

Some advisors might discount the likelihood of clients divorcing after decades of marriage, but retirement can be a trigger ...

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.

When AI 'builds a browser,' check the repo before believing the hype

Autonomous agents may generate millions of lines of code, but shipping software is another matter Opinion AI-integrated ...

Jamf has a warning for macOS vibe coders

Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors ...
InfoWorld

16 open source projects transforming AI and machine learning

From fine-tuning open source models to building agentic frameworks on top of them, the open source world is ripe with ...
IFA Magazine

How to keep your crypto safe from evolving AI scams

A cryptocurrency specialist has sounded the alarm on dangerous tactics fraudsters use to steal digital assets worth millions ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical vm2 Node.js vulnerability (CVE-2026-22709, CVSS 9.8) allows sandbox escape via Promise handler bypass.
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...

How an experienced developer teamed up with Claude to create Elo programming language

Bernand Lambeau, the human half of a pair programming team, explains how he's using AI feature Bernard Lambeau, a Belgium-based software developer and founder of several technology companies, created ...