InfoWorld

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.
The Hacker News

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.
The Hacker News

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Ghostwriter used Prometheus lures since spring 2026 to target Ukraine agencies, enabling malware delivery and data theft.

After cyberattacks: TanStack considers restrictions for pull requests

TanStack tightens security measures after supply chain attacks. Pull requests may soon only be possible by invitation.
Macworld

Should you keep your MacBook plugged in when you’re using it?

Over the last several years, Apple has dramatically improved how it handles lithium-ion battery charging in iPhones, iPads, Macs, and Apple Watches. Across multiple system releases, the company moved ...