Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
InfoWorld

Snowflake extends Cortex Code CLI to dbt and Airflow to streamline data engineering workflows

By moving Cortex into dbt and Airflow, Snowflake is aiming to eliminate context switching and pull AI closer to production pipelines, analysts say.

One engineer made a production SaaS product in an hour: here's the governance system that made it possible

Every engineering leader watching the agentic coding wave is eventually going to face the same question: if AI can generate production-quality code faster than any team, what does governance look like ...