The Hacker News

⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and More

Your Monday cybersecurity recap covers the latest digital threats, exposed weaknesses, active attacks, and security stories ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Unite.AI

OpenAI Codex Review: I Built a Landing Page in 20 Mins

A recent Stack Overflow survey found that more than 84% of developers are already using or planning to use AI tools in their workflow. After trying OpenAI Codex for myself, I understand why. Like many ...

In an increasingly risky investing environment, can warnings backfire?

Lately, I’ve been thinking about that phenomenon while watching the lines between investing and gambling continue to blur.

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
SiliconANGLE

AWS Kiro accelerates software development by proving code correctness before it gets to work

Amazon Web Services Inc. is trying to get rid of the bottleneck between architectural planning and code execution with a number of upgrades to its artificial intelligence software development tool ...
CSOonline

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...
Windows Central

"This could cost people their jobs": VS Code added Copilot as co-author without permission ...

Not content with threatening to replace your role at work or causing company layoffs, AI is taking credit for work it did not even generate. Or at least it was until Microsoft Copilot got called out.
TechCrunch

Lovable launches its vibe-coding app on iOS and Android

Apple’s recent crackdown on vibe-coding apps hasn’t held up Lovable’s launch of its no-code AI app builder, which is now available as a mobile app on Apple’s and Google’s app stores. The vibe-coding ...
The Verge

OpenAI’s big Codex update is a direct shot at Claude Code

Codex can now use your macOS apps on its own. Codex will now be able to operate desktop apps on your computer, OpenAI says in a blog post announcing the update. It can work in the background, meaning ...
InfoQ

Cloudflare Launches Code Mode MCP Server to Optimize Token Usage for AI Agents

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The ...