Security boffins scoured the web and found hundreds of valid API keys

Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

Anthropic hands Claude Code more control, but keeps it on a leash

Anthropic’s new auto mode for Claude Code lets AI execute tasks with fewer approvals, reflecting a broader shift toward more ...

Mozilla dev’s “Stack Overflow for agents” targets a key weakness in coding AI

Mozilla developer Peter Wilson has taken to the Mozilla.ai blog to announce cq, which he describes as “Stack Overflow for ...

Ai2 releases open-source visual AI agent that can take control of web browsers

Allen Institute for AI, a prominent Seattle-based nonprofit research organization working on advancing artificial ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
New Scientist

Security credentials inadvertently leaked on thousands of websites

Researchers identified nearly 10,000 websites where API keys could be found, exposing details that could let attackers access ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.