JavaScriptのパッケージ管理ツール「npm」で、依存パッケージのインストール時に自動実行されるスクリプトについて、2026年7月リリース予定の「npm v12」以降は標準で実行しないようになる変更が予定されています。

TL;DR Introduction At the start of this year, I wrote a blog on how 2025 was the ‘year of the infostealer’, and it doesn’t ...

As if the Miasma situation weren't bad enough, now this weapon is spreading like wildfire. Someone open sourced the entire ...

Anthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code.

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Instead of just asking for a summary, tell the AI to sort the mess into a clean markdown table with specific columns, like “Date,” “Issue,” and “Priority Level.” You can then copy and paste that clean ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat ...

And saves me a lot of time.

JINX-0164 has targeted crypto developers through fake LinkedIn meeting invites that lead to macOS malware infections, ...

And it works quite well.