The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...

Netflix wiz creates app to slash AI bills, then open sources it

As the COOs from both Uber and Microsoft recently learned, encouraging company engineers to use AI aggressively can lead to ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...

How Varonis Atlas integrates Claude Compliance API for AI governance

AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
MUO on MSN

Excel already has a built-in web scraper, this is what I use it for

Grabbing data from the internet is much easier when you skip the coding part.
Visual Studio Magazine

Using Data API Builder to Speed Up Application Development

Data API Builder helps developers expose database objects through REST and GraphQL without building extensive custom data access code. Steve Jones' Visual Studio Live! San Diego 2026 session will show ...
USA Today

How to stream Oscar award-winning Sentimental Value

The international film "Sentimental Value" has received nine nominations for the 98th Academy Awards. The movie follows two estranged sisters who reunite with their famous director father after their ...
Bleeping Computer

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Researchers found nearly 3,000 such ...
InfoQ

HL is a Fast, Rust-Based JSON Log Viewer Offering up to 2GiB/s Parsing Speed

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...