Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
CoinDesk

IoTeX offers cross-bridge hackers 10% bounty if they return $4.4 million within 48 hours

A private key compromise drained millions from IoTeX’s ioTube bridge, with analysts disputing total losses and warning recovery via THORChain may prove difficult.
MIT Technology Review

The Download: a blockchain enigma, and the algorithms governing our lives

To be human is, fundamentally, to be a forecaster. Occasionally a pretty good one. Trying to see the future, whether through the lens of past experience or the logic of cause and effect, has helped us ...