Apple takes over Swift Package Index, vows to remove GitHub dependency

The Swift Package Index (SPI), a search engine for open source packages for the Swift programming language, is now part of ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
CSO Online

OpenAI rolls out AI-led push to fix open-source software flaws

Patch the Planet’ pairs automated analysis with expert review to uncover and remediate vulnerabilities in core infrastructure ...
InfoQ

Apple Launches Core AI for Apple-Silicon Optimized On-Device Generative AI

At WWDC 26, Apple announced the Core AI framework, the official successor to Core ML. It is designed to allow developers to run large language models and generative AI entirely on-device, supporting ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Tech Times

AI Coding Agent Skills Library Gives Any Tool 51 Senior Engineer Personas

AI coding agent skills library claude-skills ships 345 free, MIT-licensed packages for Claude Code, Codex, Cursor, Gemini CLI ...
Memeburn

Microsoft's GitHub Repos Were Hacked to Steal AI Developer Passwords

Hackers injected malware into 73 Microsoft GitHub repos on June 5, 2026. The attack targeted AI coding tools like Claude Code and VS Code. Read what happened.
MUO on MSN

5 package managers that work on Windows, Mac, and Linux

If reinstalling software feels repetitive, these tools have some ideas.
PC World

Intel Core Ultra vs. 14th-gen Core HX: Which laptops should you buy?

For the first time in many years, you have a choice when buying a new Intel-based laptop: Intel’s 14th-gen Core Ultra (Meteor Lake) or its latest 14th-gen Core HX chip. Which should you buy, and why?
Meduza

Russia’s federal censor denies blocking Python’s package index as developers scramble for workarounds

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...