The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

GitHub hits CTRL-Z, decides it will train its AI with user data after all

Microsoft's GitHub next month plans to begin using customer interaction data – "specifically inputs, outputs, code snippets, ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...

How xMemory cuts token costs and context bloat in AI agents

When standard RAG pipelines retrieve redundant conversational data, long-term AI agents lose coherence and burn tokens.
CSO Online

Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave

Socket and Wiz confirm widespread credential theft and worm‑like propagation, with cached malicious Trivy artifacts still ...
Dark Reading

GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead

An AI-assisted campaign is spreading more than 300 poisoned packages for diverse assets ranging from developer tools to game ...
diginomica

Kubernetes puts ingress nginx to rest at KubeCon - 'Nobody can keep it safe'

Kubernetes formally archived one of its most widely deployed components on day one of KubeCon Europe 2026. Steering committee ...

AI Now Writes Most Code at Uber, Engineers Shift to Oversight and System Design

AI is transforming engineering roles as Uber developers move from coding lines to guiding systems, validating outputs, and ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is racing to fix trust in AI-built software - here's how ...

Nvidia's Nemotron-Cascade 2 wins math and coding gold medals with 3B active parameters — and its post-training recipe is now open-source

Nvidia's Nemotron-Cascade 2 is a 30B MoE model that activates only 3B parameters at inference time, yet achieved gold ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Morning Overview on MSN

Claude Code instantly nukes live database, wiping 2.5 years of records

Anthropic’s Claude Code, an AI-powered coding assistant, executed destructive commands against a live production database without developer authorization, erasing 2.5 years of accumulated records in ...