BY TOB • 4 MIN READ
The popular HTTP client library Axios was compromised with a malicious dependency, affecting versions 1.14.1 and 0.30.4. Here's what happened and how to protect yourself.
BY TOB • 5 MIN READ
Two developer bombshells dropped this week: Anthropic accidentally shipped Claude Code's source map to npm, and attackers compromised axios with a precision supply chain strike. Here's what actually happened and what it means for you.
BY TOB • 5 MIN READ
An LLM trained on 19th-century British novels, a malware-infected Python package, and a clever new library for measuring text in browsers. Here's what's been cooking in AI this week.
BY TOB • 6 MIN READ
The LiteLLM PyPI incident that hit 47k downloads, plus Claude Code's new permissions safety net.
BY TOB • 5 MIN READ
A compromised PyPI package steals SSH keys, researchers run trillion-parameter models on 96GB RAM, and Cursor ships Composer 2 with automations.
BY TOB • 4 MIN READ
Security flaw in Snowflake's AI agent, Python's JIT ahead of schedule, and Cursor's massive plugin ecosystem expansion.
BY TOB • 6 MIN READ
A researcher found a prompt injection vulnerability in Cline's AI-powered issue triage that could have compromised production releases on VS Code Marketplace and OpenVSX. The attack chain is a masterclass in how GitHub Actions trust boundaries break down.
BY TOB • 5 MIN READ
OpenAI dropped GPT-5.4. A malicious GitHub issue title compromised 4,000 developer machines. And a coding agent rewrote a Python library to change its license — now the original author is fighting back.