Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
kottke.org

kottke.org posts about Simon Willison

Hashimoto is talking about this complete rewrite of Bun (a Javascript/Typescript toolkit that’s owned by Anthropic and includes “a fast JavaScript runtime designed as a drop-in replacement for Node.js ...
kottke.org

kottke.org posts about Mitchell Hashimoto

Hashimoto is talking about this complete rewrite of Bun (a Javascript/Typescript toolkit that’s owned by Anthropic and includes “a fast JavaScript runtime designed as a drop-in replacement for Node.js ...
Visual Studio Magazine

VS Code 1.121 Adds Remote Agents, Boosts Claude Code Functionality Again

Visual Studio Code 1.121 focuses on agent workflows, model configuration, terminal behavior and built-in preview features -- and features another update to Claude Code functionality.