Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
InfoWorld

GitHub eyes restrictions on pull requests to rein in AI-based code deluge on maintainers

GitHub is weighing tighter pull request controls and AI-based filters after maintainers warned that a surge of low-quality, ...

The Double-Edged Sword of Non-Human Identities

Leaked non-human identities like API keys and tokens are becoming a major breach driver in cloud environments. Flare shows ...
The Hacker News

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

Eclipse Foundation to require pre-publish security checks for Open VSX extensions to reduce VS Code supply-chain risk.
Cryptopolitan

dYdX targeted as malicious packages empty its user wallets

Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.

Kilo CLI 1.0 brings open source vibe coding to your terminal with support for 500+ models

Remote-first AI coding startup Kilo doesn't think software developers should have to pledge their undying allegiance to any ...

Sixteen Claude AI agents working together created a new C compiler

Over two weeks and nearly 2,000 Claude Code sessions costing about $20,000 in API fees, the AI model agents reportedly ...

Visual Studio Code 1.109: Watch AI Models Think

In VS Code chat, AI agents can now ask follow-up questions and generate Mermaid diagrams, and Anthropic Claude models show ...

China warns of security risks linked to OpenClaw open-source AI agent

By Che Pan and Brenda Goh BEIJING, Feb 5 (Reuters) - China's industry ministry on Thursday warned that the OpenClaw ...

Qwen3-Coder-Next offers vibe coders a powerful open source, ultra-sparse model with 10x higher throughput for repo tasks

On SWE-Bench Verified, the model achieved a score of 70.6%. This performance is notably competitive when placed alongside significantly larger models; it outpaces DeepSeek-V3.2, which scores 70.2%, ...
Dark Reading

Shai-hulud: The Hidden Cost of Supply Chain Attacks

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to ...

The Hottest New AI Agent Is Here – But It Has Some Experts Raising Alarms

Agentic AI has promised to revolutionize how people get things done. This new agent is the closest we've gotten to that, but it's not without its problems.