Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Apify Store pays out $760,000 to developers in January as G2 ranks it a top 10 software product

Apify, a web data and automation platform for AI builders, today announced it has earned 8th position on the Best IT ...

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...
InfoQ

How WebAssembly Components Enable Safe and Portable Software Extensions

ABI and scripting to the Wasm Component Model (WASI Preview 2). He shares how to build secure plugin systems that run at near ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
InfoWorld

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

Attackers used “technical assessment” projects with repeatable naming conventions to blend in cloning and build workflows, retrieving loader scripts from remote infrastructure, and minimizing on-disk ...

Microsoft deleted a blog promoting AI trained on pirated Harry Potter books

Microsoft’s deleted Harry Potter AI blog highlights the messy ethics of training large language models on pirated content.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...