Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Tech Times

Linux Foundation Tool Spotlighted: Furious Developers Accuse ‘Sickening’ Google Gemini CLI Bait-and-Switch

Google Gemini CLI loses free-user API access on June 18, replaced by the closed-source Antigravity CLI. Developers who contributed 6,000 merged pull requests are calling it a bait-and-switch — ...
Hosted on MSN

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity Bumblebee is an open-source developer security program. Bumblebee doesn't require AI or a subscription. The program aims to spot problems on programmers' laptops. If you're a programmer, ...
Blaze Trends

Flathub bans LLM-generated Linux apps after AI developers overwhelm reviewers with toxicity

An ongoing AI-spam epidemic is flooding open-source software curators with machine-generated junk, and one of the largest Linux distribution platforms just ...