The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

AI Automation in Rust: OpenFang 0.6.0 is here

OpenFang 0.6.0 brings cron jobs with fan-out, skill templates, and a central registry for slash commands. The framework ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...

n8n: Updates fix critical security vulnerabilities in automation platform

The update was announced to all admins via email; they should apply it promptly. Code injection is a risk. As announced on ...