Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
GitHub

modaic-ai/gepa-viz

Live visualization for GEPA prompt-optimization runs. Renders the candidate tree as a force-directed graph so you can watch prompts evolve over a pareto frontier in real time. Big nodes are candidates ...
Communications of the ACMOpinion

Artificial Intelligence for Software Engineering: From Probable to Provable

Combining the creativity of artificial intelligence with the rigor of formal specification methods and the power of formal ...
PC World

The ’80/20′ ChatGPT prompt is the fastest way to learn anything

We’ve all been there—that moment when you realize you’re in way over your head. For me, it happened during my first briefing with a smart light vendor, when it became painfully obvious that I couldn’t ...
PCMag

The Best Web Hosting Services for 2026

Selecting the right web host is essential for online success. The best web hosting services we've tested cater to a wide ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...
ABC7 San Francisco

Mountain View declares State of Emergency as water is unsafe to use following water main issue

MOUNTAIN VIEW, Calif. (KGO) -- Mountain View residents whose water service was contaminated during maintenance work will have to wait until at least midweek before they can safely use tap water for ...
The New York Times

UPS Won’t Bring Packages to Their Doors. Some Are Fed Up.

The United Parcel Service will not deliver inside two buildings on Staten Island where its drivers were assaulted decades ago. Residents are suing. The United Parcel Service will not deliver inside ...
Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...
KTVU

Mountain View water main break leaves dozens under “Do Not Use" order

A water main incident involving a contractor caused a contamination breach near Cuesta Park, prompting a "Do Not Use Water" order. Residents face disruptions as the city provides bottled water, hotel ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...