InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

OpenAI Buys Ona To Run Codex Agents Inside Enterprise Clouds

OpenAI is acquiring Ona, formerly Gitpod, to run Codex agents inside a customer's own cloud. The coding-agent race is ...
SBS

Australians' personal data could soon be accessible by US agencies. Here's why

Critics are calling on the Albanese government to provide more clarity on whether it is considering expanded data-sharing agreements with the Trump administration. Source: SBS, Getty As White House ...
Nature

Open Access Fees and Funding

All articles published in Scientific Data are made freely and permanently available online immediately upon publication, without subscription charges or registration barriers. Further information ...
Visual Studio Magazine

VS Code 1.124 Focuses on Agent Autonomy and Parallel Sessions

Microsoft's June 2026 VS Code update turns on Autopilot by default and adds background sending for agent sessions.
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...