Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

The browser is your database: Local-first comes of age

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...
InfoWorld

Three web security blind spots in mobile DevSecOps pipelines

Mobile platforms operate under fundamentally different trust assumptions than we relied on for web security. Your mobile ...

Apify Store pays out $760,000 to developers in January as G2 ranks it a top 10 software product

Apify, a web data and automation platform for AI builders, today announced it has earned 8th position on the Best IT ...
CNET

Have a Library Card? You Can Stream Over 30,000 Movies for Free

Macy is a writer on the AI Team. She covers how AI is changing daily life and how to make the most of it. This includes writing about consumer AI products and their real-world impact, from ...
InfoQ

Vercel Releases React Best Practices Skill with 40+ Performance Rules for AI Agents

Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...

AI images scandalized a California elementary school. Now the state is pushing new safeguards

Adobe's artificial intelligence generated sexualized images in response to prompts for a 4th grade book project. The incident coincided with the release of new state guidelines to prevent harmful AI ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...