The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...
Crypto Briefing

Utexo and x402 enable USDT payments for the agent economy with near-instant settlement

Utexo, the Bitcoin-native execution and settlement layer for stablecoin payments, today announced a collaboration with x402 ...
9to5Google

Google AI Pro and Ultra subscribers now get higher AI Studio limits

Google AI Studio provides access to Gemini models via your web browser, with AI Pro and Ultra subscribers now getting ...

Tiiny Host Gives AI Agents the Power to Publish Anything Online: 100+ File Types, Zero Friction, One Sentence

Say “publish this as a website” and your AI agent handles the rest: it builds the file, uploads it, and hands you a ...
LondonLovesBusiness

Top 10 new and promising API testing tools in 2025-2026

Explore the top 10 new and promising API testing tools in 2025-2026 that are transforming the testing landscape.

How to use Codex to build a Website

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...

Should my enterprise AI agent do that? NanoClaw and Vercel launch easier agentic policy setting and approval dialogs across 15 messaging apps

By integrating Vercel’s Chat SDK and OneCLI’s credential vault, NanoClaw 2.0 ensures that no sensitive action occurs without ...

Claude Opus wrote a Chrome exploit for $2,283

In a blog post on Wednesday, Mohan Pedhapati (s1r1us), CTO of Hacktron, described how he used Opus 4.6 to create a full ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Eclipse Foundation Launches Open VSX Managed Registry

The Eclipse Foundation today announced Open VSX Managed Registry , the open source software ecosystem’s first foundation-operated managed service for critical developer infrastructure. Open VSX is the ...