Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Microsoft quietly removes an AI blog post after realizing "pirating the Harry Potter books" isn't a great look

Microsoft’s deleted Harry Potter AI blog highlights the messy ethics of training large language models on pirated content.
PCMag

A Beloved Music Streaming App Is Back, Thanks to Claude Code

When Tomahawk shut down in 2016, it was powered by a team of six. A decade later, developer J Herskowitz has vibe-coded it ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.