Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Next Web

Java’s biggest language change in a decade is finally landing. It took 197,000 lines of code.

Project Valhalla's JEP 401 will bring value classes to JDK 28, removing object identity from Java types in a 197,000-line change twelve years in the making ...

The Ouroboros Effect: What Happens When AI Trains On Insecure AI-Generated Code?

Organizations need to break the infinite renewal cycle of AI learning from the flawed data of previous AI models.
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...
The Hacker News

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

OpenClaw input flaws let hidden contacts and phishing emails trigger code execution and data leaks, exposing agent trust ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...