The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

AI can rewrite open source code—but can it rewrite the license, too?

Computer engineers and programmers have long relied on reverse engineering as a way to copy the functionality of a computer ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...

Chainguard Launches the First Unified Repository for Secure-by-Default Open Source Artifacts

Chainguard, the trusted source for open source, today announced Chainguard Repository, a single Chainguard-managed experience for pulling secure-by-default open source containers, dependencies, OS ...
TMCnet

ActiveState Launches Curated Catalogs to Neutralize Security Risks in AI-Generated Code

New private repository secures the AI-driven development boom by grounding LLMs in a library of 79 million vetted, ...

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

PHP team votes on recognized open-source licenses

The vote in the core PHP team on new open-source licenses has begun. These are intended to create a uniform regulation.
Hackaday

Forgetfulino Puts Back Up Of Source Inside The Binary

How often have you pulled out old MCU-based project that still works fine, but you have no idea where the original source ...
Developer Tech

OpenAI offers free AI coding tools to open-source maintainers

Open-source projects form much of the foundation of modern software, with many systems used in the industry relying on code ...

Why Garry Tan’s Claude Code setup has gotten so much love, and hate

Thousands of people are trying Garry Tan's Claude Code setup, which was shared on Github. And everyone has an opinion: even ...

This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here's how

This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here's how ...

After GitHub outages, OpenAI begins building a rival code repository

The decision reportedly follows a series of service outages that have disrupted developer workflows on GitHub in recent ...