Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Decrypt

Perplexity Built a Tool That Checks Your Computer for Infected Software—Without Setting Off the Infection

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
martincid.com

Claude installs npm packages by itself, and the wrong one can take your files

Claude’s Computer Use feature can do something an ordinary chatbot cannot. It can open a terminal on your computer and install software on your behalf, including packages pulled straight from npm, the ...
PC Magazine

Sick of Google's AI Overload? Try These Search Engines Instead

Whether you want fewer AI-generated answers, better privacy protections, or a different approach to discovery, these search engines are compelling alternatives to Google. I've been testing PC and ...