Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...
GitHub

Trafilatura: Discover and Extract Text Data on the Web

Trafilatura is a cutting-edge Python package and command-line tool designed to gather text on the Web and simplify the process of turning raw HTML into structured, meaningful data. It includes all ...
Visual Studio Magazine

The Rise of OpenTelemetry in Microsoft Dev Tooling

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
XDA Developers on MSN

I replaced my Google TV remote with a $25 ESP32 display, and it controls Home Assistant too

I made my own Google TV remote with an ESP32, and it's better than the actual remote.

Anthropic Just Bought a Developer Tool Used by OpenAI, Google

Anthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
PCMag

Google Unwraps Plans to Put AI to Work for Android, Web Developers

New Play Store features aim to ease marketing and management burdens for app developers. But Google is focusing this ...

Anthropic Buys The SDK Pipeline OpenAI And Gemini Depend On

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...