The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Anthropic Tool Calling Updates Cut Tokens 30–50% in Multi-Step Agent Tasks

Anthropic updates tool calling to reduce token use; tool search cuts tokens up to 80%, making larger tool sets practical.
GitHub

IGVF-DACC/igvf-async-python-client

Unless you have a specific need for an async Python client, you are probably looking for the synchronous IGVF Python client. The Python client is autogenerated based on this IGVF OpenAPI specification ...
InfoWorld

WinterTC: Write once, run anywhere (for real this time)

The unified JavaScript runtime standard is an idea whose time has come. Here’s an inside look at the movement for server-side JavaScript interoperability.
GitHub

agentic-dev-io/agent-farm

agent-farm/ ├── src/agent_farm/ # Main Python package │ ├── main.py # Entry point, MCP server initialization │ ├── spec_engine.py # Spec Engine class (central component) │ ├── orgs.py # Organization ...