CSO Online

FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

Researchers say the campaign uses a browser-based JavaScript VM to hide credential theft and intercept MFA at scale.

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.
InfoWorld

Four cutting-edge tools for spec-driven development

Kiro, Spec Kit, Tessl, and Zenflow offer a more systematic and structured approach to developing with AI agents than vibe ...
Communications of the ACM

Good Vibes: AI Coding Tools and Platforms

Technology that helps write computer code is not new, but advances in generative AI (GenAI) and agentic AI have catapulted ...

This viral vibe-coded game turns Google Maps into a time machine

That is the question that WenWare adds to the formula of GeoGuessr, a popular game that shows Google Maps locations all over ...

Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them

A new infostealer variant targets macOS users by spoofing Apple, Microsoft, and Google and then then gets to work searching ...
InfoQ

TanStack Details Sophisticated npm Supply Chain Attack That Compromised 42 Packages

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...
Analytics Insight

Top Careers for Software Engineers to Explore in 2026

Overview:  AI, cloud computing, cybersecurity, and automation are creating some of the highest-paying career opportunities ...

Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Infosecurity Magazine

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

A critical vulnerability in the Cline Kanban server has been disclosed that allows any website a developer visits to silently ...