The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...

Harsh Singhal: The AI Engineer Who Taught Machines To Understand Hate Speech In 20 Languages

AI engineer Harsh Singhal built KooBERT, a groundbreaking multilingual transformer that detects hate speech and toxicity ...

GitHub announces npm security changes to tackle supply-chain attacks

GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking ...

Microsoft has mostly repaired flaw in Surface hardware that allowed unprotected devices to be bricked by a single packet

EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit ...
Tech Times

Homebrew 6.0.0 Adds Tap Trust to Block Rogue Ruby Installs, Starts Intel Countdown

Homebrew 6.0.0 shipped June 11 with tap trust, a mechanism that blocks arbitrary Ruby code from third-party taps until ...
Tech Times

Claude Code Skills: Inside Anthropic’s Playbook for the Nine Types That Actually Work

Anthropic has published an unusually concrete account of how its own engineers use Skills in Claude Code, the company’s command-line coding agent, in a June 3 post on the Claude blog written by ...
MSN on MSN

Claude Code just made YouTube videos 10x easier

ONE-TIME YOUTUBE LIVE TRAINING THIS WEEK: Apply For 1:1 YouTube Coaching: Claude Bundle: Connect With Me On Other Platforms: ...

Stolen iPhones fuel scary passcode scam

Criminals use fake Apple pages, smishing texts and Telegram tools to trick stolen iPhone owners into revealing passcodes for ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...