CSO Online

TrapDoor malware campaign puts developer workstations in CISO spotlight

Malicious packages across npm, PyPI, and Crates.io show how poisoned developer workflows can become a route into enterprise systems.
Arabian Post

InvisibleFerret shift raises developer risks

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...

LLMのローカル実行ツール「Ollama」が「Codex」アプリに対応

ローカル環境で大規模言語モデル(LLM)を実行するオープンソースツール「Ollama」の最新版v0.24.0が、5月14日にリリースされた。Windows/macOS/Linuxに対応しており、公式サイトから無償でダウンロードできる。
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...