Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
theregister

Vibe coding may be hazardous to open source

Tailwind Labs CEO Adam Wathan recently blamed AI for forcing him to lay off three workers. Tailwind Labs oversees the development of the open source Tailwind CSS framework. And according to Wathan, AI ...