npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...

My daughter helped me fall in love with feasting

Of the many anxieties I had about bringing another person into the world, ensuring her own enduring love of food was high on ...
Opinion
Foreign AffairsOpinion

How to Counter Beijing’s Unauthorized “Distillation”

A new front has opened in the U.S.-China competition in artificial intelligence: open-weight, local AI models. Until recently, the most capable AI models were too big and too costly to run anywhere ...

More News Sites Default To Blocking AI Crawlers

Reuters and Time now block AI bots by default, allowing only approved crawlers through allowlists, as more publishers add ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

Your browser is too nosy. Change these 5 settings now

Chrome, Edge, and Firefox are often set to be too intrusive. With these five changes, you can improve privacy, security and ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

How your phone will change under new government rules on explicit images

The prime minister has made a major announcement that could change the way everyone in the UK uses their phone.

The end of uBlock Origin in Chrome is now weeks away, not months

Starting with the next major release, Chromium will stop supporting Manifest V2 extensions. The change will affect users who have clung to uBlock Origin in Chrome, ...