Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Infosecurity Magazine

North Korean Hackers Use Fake Coding Tasks to Steal Crypto

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...

Homebrew 6.0.0が公開される、サードパーティーtapの信頼確認を導入しセキュリティ強化へ

macOSやLinux向けのパッケージ管理ツール「Homebrew」の最新版となるHomebrew 6.0.0が2026年6月11日に公開されました。サードパーティーtapの信頼確認を求める「tap trust」、内部JSON APIの標準での有効化、Linux向けサンドボックス、brew bundleの改善、パフォーマンス向上、macOS 27「Golden Gate」への初期対応などのアップデ ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
InfoWorld

10 tips for getting better R code from your AI coding agent

With the proper setup and guidance, you can have Claude Code, Codex, Posit Assistant, and other coding agents writing R code ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
PC Watch

Mac miniが市場から消えた!?噂の自律型AI「OpenClaw」をローカル環境 ...

OpenClawは、PCを実際に操作できるOSSのAIエージェントだ。便利な一方で、OSそのものをAIに触らせることになるため、セキュリティ面の議論も多かった。今回はDockerを使った比較的安全な構成でセットアップし、実際にどこまで使えるのかを前編 ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...