Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks

npm 12 disables install scripts by default, requiring explicit approval to reduce dependency-based code execution risks.

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
Tech Times

VS Code Agents Hit Stable: Air-Gapped BYOK Unlocks Enterprise AI Coding

VS Code agents are now in Stable preview, and the 1.122 update removed the GitHub OAuth requirement from BYOK, letting defense, healthcare, and finance developers run fully air-gapped AI-assisted ...
The Hacker News

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Miasma hit 73 Microsoft repos across four GitHub orgs, forcing access disablement and exposing open-source trust risks.

Python dev saved from disaster by intuition...and AI

Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI ...
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to ...
MSN on MSN

I stopped opening Task Scheduler after discovering VS Code's hidden automation layer

Who knew their editor could also automate tasks?

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Cohere open-sources a coding agent that runs on a single H100

Cohere's North Mini Code ranks 8th of 127 open-weight models on output speed — but generates 3x the output tokens of ...
techtimes

WWDC 2026 Day 3: Xcode 27 Neural Engine Completes Code Without Sending Source to Any Server

Wednesday is the hands-on day at WWDC 2026. Group Labs for Xcode 27, Foundation Models, Core AI, App Intents, and the parental-control API stack are running today, June 10, at Apple Park — the last ...

Google upgrades NotebookLM to Gemini 3.5, adds more coding features

Google LLC today updated its NotebookLM service with a set of online research and coding features designed to save time for ...