Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
LinkedIn

Tech Digest with Sam — Week 22, 2026

Tech Digest with Sam brings you the latest news on Tech & AI. Read this on Medium: Tech Digest with Sam — Week 22, 2026 Read the pdf version 👇 Inside this Issue: #1 【 Byline 】When “Claude Is Our ...
Hosted on MSN

Why Anthropic's purchase of Bun surprised everyone

In a surprise twist, Anthropic has acquired Bun, the popular JavaScript runtime, igniting discussions within the developer community. This acquisition comes shortly after unsettling statements were ...
blockchain

Claude Code Launches Dynamic Workflows for Complex Tasks

Anthropic's Claude Code introduces dynamic workflows, enabling AI-powered coding processes that tackle massive engineering projects in parallel. Anthropic has unveiled dynamic workflows for its ...
ZDNet

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
Security Boulevard

Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign

The post Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign appeared first on Tenable Blog. A self-propagating worm has compromised more than 170 npm and ...
TechRepublic

Anthropic Just Bought a Developer Tool Used by OpenAI, Google

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model performance. Anthropic just bought a company most users have never heard of, ...
theregister

Anthropic’s Bun Rust rewrite merged at speed of AI

A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been merged to the main Bun repository. This comes just days after its author, ...
Hosted on MSN

A supply chain attack called 'Mini Shai-Hulud' poisoned official SAP packages and stole developer credentials through AI coding agent configs

On April 29, 2026, someone hijacked four widely used SAP packages on the npm registry, slipped credential-stealing malware into them, and then did something that, according to researchers at Mend.io, ...
Bleeping Computer

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. Bitwarden ...