Agentic Coding on Supabase with OpenCode
OpenCode, an open-source AI coding agent with 180,000 GitHub stars and 7.5M monthly active users, has launched an integration with Supabase. The integration allows AI agents to access Supabase's accou…
OpenCode, an open-source AI coding agent with 180,000 GitHub stars and 7.5M monthly active users, has launched an integration with Supabase. The integration allows AI agents to access Supabase's accou…
A new exploit technique bypasses OpenBSD's W^X protection on arm64 hardware lacking PAC, BTI, or hardware CFI, using a file-backed RX mapping to achieve code execution. The technique, demonstrated in …
A developer detailed three vulnerabilities in the AI-coding-agent stack, including a supply chain worm that persists in developer toolchain configs, an abuse of shell built-ins to bypass Cursor's comm…
In June 2026, attackers hijacked the npm contributor account 'ehindero' to mass-publish malicious versions of 144 packages under the @mastra namespace, in what security researchers from JFrog, SafeDep…
Twilio CFO Aidan Viggiano detailed a multi-year turnaround that restored Wall Street confidence, involving workforce cuts, strategic focus on AI integration, and making the Segment unit profitable. Th…
Socket's Threat Research team identified 23 new malicious PyPI packages in the Mini Shai-Hulud, Miasma, and Hades supply chain attacks, expanding the campaign to 471 artifacts across npm and PyPI. The…
NanoClaw, an autonomous agent framework, integrated with JFrog's vetted software registries to restrict agents to downloading reviewed packages, announced at a JFrog event in San Francisco. The integr…
NanoClaw has integrated JFrog's platform to enhance the security of its software packages, addressing concerns about untrusted AI agents. The move aims to prevent malicious code from being distributed…
Socket Threat Research identified 23 new malicious PyPI packages in the Mini Shai-Hulud, Miasma, and Hades supply chain attacks, targeting bioinformatics and AI/MCP developers with trojanized native e…
On June 3, 2026, attackers pushed malicious commits to the GitHub repository `icflorescu/mantine-datatable` and four sibling repos, planting a 4.3 MB payload from the Miasma worm family. The commit ad…
A malicious npm package called `js-logger-pack` evolved through 29 versions into a full remote access trojan (RAT) named `MicrosoftSystem64` that exfiltrates stolen data to attacker-controlled Hugging…
A malicious npm package named js-logger-pack, first observed in early April 2026, evolved across 29 versions into a cross-platform malware loader that deploys an 81 MB payload called MicrosoftSystem64…