The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
The Hacker News

Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M ...
InfoQ

OpenAI Publishes Codex App Server Architecture for Unifying AI Agent Surfaces

OpenAI has recently published a detailed architecture description of the Codex App Server, a bidirectional protocol that decouples the Codex coding agent's core logic from its various client surfaces.

Microsoft's Azure Reacceleration Could Shock Wall Street

Microsoft Corporation's AI agents, custom silicon, and Azure capacity expansion create multiple monetization levers. Learn ...

Phallon Tullis-Joyce says alleged racial abuse against Vinicius Jr. is ‘not OK’

Tullis-Joyce brought up her personal identity to explain her perspective and spoke about her campaign for diversity, equity and inclusion.

Vinicius Jr racism allegations: The protocols, what happens now and possible punishments

Dissecting how allegations of racism are dealt with by football's authorities and what the consequences could be ...