The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
InfoWorld

Tap into the AI APIs of Google Chrome and Microsoft Edge

The Chrome and Edge browsers have built-in APIs for language detection, translation, summarization, and more, using locally ...
The Next Web

Google just launched its agentic enterprise play, and it runs from chip to inbox

Google launches AI agent suite at Cloud Next 2026 with Workspace Studio, A2A protocol at 150 orgs, and Project Mariner. The pitch: only Google owns the full stack.

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
Hackaday

Python Comes To The Arduino Uno Q

MicroPython is a well-known and easy-to-use way to program microcontrollers in Python. If you’re using an Arduino Uno Q, ...

OpenAI updates Agents SDK to improve agent safety and capability for enterprises

OpenAI’s updated Agents SDK adds sandboxing, configurable memory, and file/tool workflows for safer, stronger enterprise ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
eWeek

OpenAI Debuts ChatGPT Images 2.0, Bringing Reasoning to AI Image Creation

OpenAI launches ChatGPT Images 2.0 with image editing, reasoning, web research, multilingual support, and better text ...

OpenAI updates its Agents SDK to help enterprises build safer, more capable agents

OpenAI has expanded the capabilities of its agent-building toolkit, as agentic AI continues to grow in popularity.

Forget Python Or Java: What You’re Speaking Is Code

Scripting languages like Python and JavaScript quickly gained popularity and pushed further toward human readability. They ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.