Direct Marketing News

A developer building an AI agent found that the system had recommended a small obscure package he had written himself — with only a few stars and no recent updates — and ...

To learn more about the DMNews editorial approach, explore The Direct Message methodology. The moment of recognition arrived without fanfare. A developer — building an AI agent to assist with ...
VentureBeat

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised ...
Ars Technica

Dozens of Red Hat packages backdoored through its official NPM channel

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
The Hacker News

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly ...
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based ...
GitHub

cloud-provider-kubevirt.spec

# Below is a manually created tarball, no download link. # We're using pre-populated Go modules from this tarball, since network is disabled during build time. # We can use the generate-source-tarball ...
GitHub

devkit — In-game developer debug menu for Qbox servers

A standalone in-game developer debug and resource management menu for FiveM servers. Scans a configurable resource folder and provides a UI to manage, test and debug resources without leaving the game ...