NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection.
MUO on MSN

Anyone who uses the Windows terminal should use this productivity game-changer

If you rely on Windows Terminal for anything remotely complex, itmux will change the way you work. No more tab overload, ...
Hackaday

This Week In Security: Vibecoding, Router Banning, And Remote Dynamic Dependencies

Vibecoding. What could possible go wrong? That’s what [Kevin Joensen] of Baldur wondered, and to find out he asked ...
techrights.org

Debian is Non-Free

Debian's neglect or abandonment of freedom didn't start with and won't end with firmware blobs ... in any event, a port is going to be really awkward, node.js+npm is designed to work with online ...
GitHub

Token-Oriented Object Notation (TOON)

Token-Oriented Object Notation is a compact, human-readable serialization format designed for passing structured data to Large Language Models with significantly reduced token usage. It's intended for ...
CSO Online

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...