The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
techtimes

Azure HorizonDB Enters Public Preview: Web IQ Already Powers Copilot and ChatGPT

On the first day of Microsoft Build 2026 in San Francisco, Microsoft announced the public preview of Azure HorizonDB, a fully managed PostgreSQL-compatible database rebuilt from the ground up for ...
Search Engine Land

Google core updates: What they mean and how to recover

Learn how Google’s core updates impact rankings, content quality, and visibility — plus key steps to diagnose losses and recover stronger. A Google core update is a comprehensive algorithm adjustment ...
Tech Times

GitHub Copilot Replaces GPT-4 With Project Polaris, Ships Multi-Agent VS Code at Build

GitHub Copilot multi-agent support for VS Code launched at Microsoft Build 2026 alongside Project Polaris, an in-house AI ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...