The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...
decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Add Decrypt as your preferred source to see more of our stories on Google. Anthropic accidentally exposed 512,000 lines of Claude Code via a source map leak. DMCA takedowns failed as mirrors and clean ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise. A newly disclosed malware strain dubbed ...
EurekAlert!

A UC San Diego tool teaching code to 25 million is even more critical in age of AI

Philip Guo’s research-driven Python Tutor has powered hundreds of millions of code visualizations since 2010 — and new long-term impact recognition highlights why it still matters today When ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious ...
ZDNet

10 things I wish I knew before trusting Claude Code to build my iPhone app

Vibe coding works best in tiny steps, not big specs. Persistent AI documentation eliminates re-ramp time. Git, backups, and exports are critical safety nets. This is not my first vibe coding rodeo. I ...
ZDNet

How to install and configure Claude Code, step by step

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...