The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
InfoWorld

Xiaomi releases MIT‑licensed MiMo models for long‑running AI agents

With a 1‑million‑token context window and sparse MoE design, MiMo‑V2.5 targets developers building autonomous coding and ...
InfoWorld

OpenAI’s Symphony spec pushes coding agents from prompts to orchestration

Symphony offers a glimpse of how enterprises may move from using AI as a coding assistant to managing it as part of the ...
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...
Communications of the ACM

How AI is Changing Programming Language Usage

Armando Solar-Lezama, Distinguished Professor of Computing and Associate Director of the Computer Science and Artificial ...
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Arabian Post on MSN

Firefox 150 closes code execution risks

Mozilla has released Firefox 150 with a broad security update that fixes 41 vulnerabilities, including multiple high-impact flaws tied to memory handling, browser components and privilege controls, ...
The Caledonian-Record

Curiox Biosystems Signs Master Software License Agreement for Enterprise-Scale Pluto Code ...

Curiox Biosystems today announced the signing of a Master Software License Agreement with a major global pharmaceutical organization for the deployment of ...
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain ...

GHENT, Belgium, April 20, 2026 (GLOBE NEWSWIRE) -- Aikido Security today launched Aikido Endpoint, a lightweight security agent that protects developer devices against software supply chain attacks by ...