The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...

「npm install」だけでコードが実行される時代が終了へ、npmが自動スクリプト実行を標準で停止する予定

JavaScriptのパッケージ管理ツール「npm」で、依存パッケージのインストール時に自動実行されるスクリプトについて、2026年7月リリース予定の「npm v12」以降は標準で実行しないようになる変更が予定されています。
Visual Studio Magazine

Using Local AI to Cut Copilot Usage-Based Billing Shock

After being gobsmacked by the new billing plan using almost all my monthly credits in one or two days, I tried pushing some Copilot-style coding work onto local models in VS Code. What I found was ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...