Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

Income tax return AY 26-27: Excel utility, online filing for ITR-1 and ITR-4 forms now available on e-filing portal

The Income Tax Department has launched Excel utilities and online filing for ITR-1 and ITR-4 for the Assessment Year 2026-27. Taxpayers earning up to Rs 50 lakh, with specific income sources, can now ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Tech Times

npm Supply Chain Attacks Hit GitHub: 2FA Approval Gate Now Blocks Stolen CI Tokens

GitHub’s internal repositories — now staged publishing in npm 11.15.0 requires a human 2FA approval before any package goes ...

All You Need To Know About Cloudflare’s Agent Readiness Score

The Cloudflare Agent Readiness Score is a real shift. The composite number is also the wrong thing to optimize for. Here's ...

Malicious npm packages: SAP software compromised

Several SAP npm packages were exposed to a supply chain attack. The hacker group TeamPCP is behind it, say security researchers.
ClickOnDetroit

How a Toledo arrest unraveled a multi-state child porn ring and a Metro Detroit doctor’s guilty plea

A former Metro Detroit doctor pleaded guilty Wednesday to a federal child pornography charge stemming from a multi-state ...

118-Point SEO Playbook Targets Electrician Lead Broker Dependency

How a 118-Point Local SEO Playbook Helps Electricians Cut Out Lead Brokers and Own Their Market Lake Elsinore, United ...