npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...

Datadog expands observability platform to autonomous AI team colleague

At the DASH conference, Datadog presents new features for autonomous IT operations and AI security with Bits AI SRE, AI Guard ...
SF Weekly

How a San Francisco open-source project became the data layer for global AI

San Francisco's AI economy is mostly being defined by the companies spending the most. Foundation model labs raise billions, ...
Opinion
Foreign AffairsOpinion

How to Counter Beijing’s Unauthorized “Distillation”

A new front has opened in the U.S.-China competition in artificial intelligence: open-weight, local AI models. Until recently, the most capable AI models were too big and too costly to run anywhere ...
IndianWeb2

Cloudflare Acquires VoidZero to Build the Future of the AI-Native Web

Cloudflare acquires VoidZero, bringing Vite’s open source team and tooling, plus $1M ecosystem fund, to unify modern JavaScript development ...

Block: Great Long-Term Play As AI Boosts Efficiency And Cash App Expands

Block (SQ) stock analysis: aggressive cost cuts and AI-driven product innovation could boost growth as semis cool. Click here ...

RCMP allege former Calgary mayor Jyoti Gondek aided planner in reviving rejected rezoning application

Police seeking access to messages and photos on a cellphone belonging to Gondek as part of corruption probe, court documents ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
SecurityWeek

New Platform Uses Cryptographic Invisibility to Protect AI-Built Applications

Atsign's AI Architect applies cryptographic “invisibility” to secure AI-built applications, helping organizations reduce identity-based risks in agentic and vibe-coded software.