Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...
ADTmag

Azul Takes Aim at the Java Runtime Security Blind Spot

Azul launched a free assessment to help enterprises find and prioritize vulnerable Java runtimes as AI-assisted attacks increase patching pressure.
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
For Construction Pros

Bluebeam Releases New Revu Updates with Faster Performance, Markup Tools and Integrations

Bluebeam has released a series of product updates designed to help architecture, engineering and construction (AEC) professionals work more efficiently across teams and platforms. The latest updates ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
XDA Developers on MSN

I solved Gemma 4's biggest problem by routing it through Claude, and all it took was a Python script

Complex problems can have Python solutions ...