A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Analytics Insight

Best AI Coding Tools and AI Assistants for Developers

Overview:  AI coding tools help developers write code faster, fix bugs more easily, and spend less time on repetitive work. Many tools also help with testi ...
InfoWorld

A better way to work with SQL Server

It’s time to switch to a new development tool for SQL Server and Azure SQL. Here’s how to get started with the MSSQL ...

News Roundup: May 12, 2026 — Secure Code Warrior, NetSPI, Claude/AWS, Sembi

Secure Code Warrior collaborating with AWS, launches Amazon Bedrock AI Learning Modules. Secure Code Warrior announced it has ...
Visual Studio Magazine

The Rise of OpenTelemetry in Microsoft Dev Tooling

CNCF graduation, Microsoft tooling updates and cloud-provider support show broader OpenTelemetry adoption across developer platforms.
InfoWorld

Four cutting-edge tools for spec-driven development

Kiro, Spec Kit, Tessl, and Zenflow offer a more systematic and structured approach to developing with AI agents than vibe ...
Developer Tech

Google says AI helped build zero-day exploit targeting 2FA bypass

Google said it disrupted a planned mass exploitation campaign involving a Python zero-day exploit likely developed with AI.
Nature

How to vibe code in science: early adopters share their tips

He was brainstorming ideas with an artificial-intelligence tool and getting it to code and create them quickly. Together, ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
CSO Online

Google discovers weaponized zero-day exploits created with AI

The 2FA bypass exploit stemmed from a faulty trust assumption, providing evidence of AI reasoning that can discover ...
The Hacker News

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PCPJack steals credentials via 6 Python modules exploiting 5 CVEs, enabling cloud spread and fraud-driven attacks.