The head of Claude Code hasn’t written a line of code by hand in 8 months

Boris Cherny was asked at Brainstorm Tech if he was concerned about the rapid progress of AI: "Yes." ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Geeky Gadgets

Bun.Image is Making External Image Libraries Obsolete

Bun.Image, introduced in Bun 1.3.14, embeds a high-performance API for server-side image processing directly into the Bun runtime. Unlike traditional methods that depend on external libraries such as ...
GIGAZINE

The video downloader 'yt-dlp' has deprecated Bun, due to concerns about the risks associated with Bun's over-reliance on AI coding.

When downloading YouTube videos with the video download tool ' yt-dlp, ' it is strongly recommended to install a JavaScript runtime such as 'Deno' or 'QuickJS.' Until ...

Anthropic Buys The SDK Pipeline OpenAI And Gemini Depend On

Anthropic acquired Stainless, the SDK compiler behind OpenAI, Gemini and Llama. The deal hands one AI lab structural leverage over rivals' developer ecosystems.
heise online

AI Porting: Claude Rewrites Bun Codebase in Rust

Bun once set out to replace Node.js as a JavaScript server, NPM as a package manager, and bundlers like esbuild with a single piece of software. At the end of 2025, the AI company Anthropic took over ...