SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Things To Do in Dubai on MSN

MultiHopper opens API access for AI agents and developers: Launching SWIFT 2.0 for onchain digital assets

Programmable, non-custodial onchain routing for Solana. 2,800+ live transfers. Revenue positive. Top 3 at Visa’s track, ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's how to audit your deployments.
The Hacker News

What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, ...
InfoWorld

SpaceX secures option to acquire AI coding startup Cursor for $60B

The rocket company says the deal would pair Cursor’s coding models with SpaceX’s Colossus supercomputer, raising questions for enterprise customers around model neutrality and data contracts. SpaceX ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...
Nerdbot

Cursor vs Lovable vs Bolt: The Best Vibe Coding Tools in 2026 (Tested & Compared)

If you want to build an app but do not know where to start, the right tool depends less on hype and more on how you work. Some platforms are built for developers who want control. Others are built for ...
GitHub

ludo-technologies/add-skills

amp, antigravity, claude-code, clawdbot, cline, codebuddy, codex, command-code, continue, crush, cursor, droid, gemini-cli, github-copilot, goose, kilo, kiro-cli ...
Geeky Gadgets

Try Pyrefly Beta : Instant Checks, Smarter Hints, Smoother Large Scale Python Workflows

What if the tool you’ve been waiting for could not only catch errors in your Python code instantly but also handle millions of lines with lightning speed? Enter Pyrefly, Meta’s latest innovation in ...