The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Tech Times

Claude Code Dynamic Workflows: Scripts Replace Context Windows, Ultracode Automates Orchestration

Claude Code Dynamic Workflows, launched May 28, 2026, replaces context-window orchestration with a JavaScript script Claude writes on the fly for each task. Runs cap at 1,000 parallel subagents with ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens ...
Visual Studio Magazine

VS Code 1.121 Adds Remote Agents, Boosts Claude Code Functionality Again

Visual Studio Code 1.121 focuses on agent workflows, model configuration, terminal behavior and built-in preview features -- and features another update to Claude Code functionality.
Hosted on MSN

Unexpected packages with QR codes could put your information at risk

MYRTLE BEACH, SC (WMBF) - The Better Business Bureau is warning consumers about a “brushing” scam involving unsolicited packages that arrive at their homes. The scam works by companies finding names ...
martincid.com

Claude installs npm packages by itself, and the wrong one can take your files

Claude’s Computer Use feature can do something an ordinary chatbot cannot. It can open a terminal on your computer and install software on your behalf, including packages pulled straight from npm, the ...