The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Naftiko Launches Alpha of Open-Source Framework That Turns API Sprawl Into Governed Capabilities for AI

Large enterprises manage an average of 1,295 SaaS applications and over 14,000 internal APIs. PARIS, ÎLE-DE-FRANCE, ...
YourStory

Anthropic debuts ‘routines’ in Claude Code to automate recurring dev workflows

Anthropic Routines in Claude Code let teams automate coding, reviews and alerts with scheduled, API and webhook triggers, no ...

Inside the Opus 4.7 Leak and Anthropic’s Massive Claude Code 2.0 Upgrade

Explore the April 2026 AI updates including Claude Code 2.0's redesign, the Opus 4.7 design tool leak, and OpenAI's new GPT-5 ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...

We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' — here's what enterprises should know

For the enterprise, the Desktop GUI is likely to become the standard for management and review, while the CLI remains the ...
TMCnet

Strobes Security Unveils Proprietary AI Harness Powering End-to-End Penetration Testing

Strobes is a leader in Exposure Management, unifying vulnerability management, AI Penetration Testing, and risk-based ...

Big Blue Ceiling Launches BigBlueBam — the First Project Management Suite Built for Human-AI Teams

Open-source platform gives AI agents full parity with human teammates across project boards, sprint planning, team ...
Security Boulevard

GitHub Actions Supply Chain Attack: Trivy Breach & Workflow

Breakdown of the Trivy GitHub Actions attack, including workflow misconfigurations, token theft, and supply chain exposure.
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...