Morning Overview on MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply chain attack to weaponize Claude Code and VS Code as persistence vectors

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Visual Studio Magazine

Using Copilot AI to Call OpenAI APIs from Visual Studio 2022

Can advanced AI in Visual Studio 2022 turn the sophisticated IDE into a replacement for low-code tools that is suitable for non-coders to create business apps? The latter tools target "citizen ...
Visual Studio Magazine

Copilot Compared: Advanced AI Features in Visual Studio 2022 vs. VS Code

GitHub Copilot continues to evolve in both Visual Studio and Visual Studio Code, offering developers increasingly intelligent, context-aware tools that go far beyond basic autocomplete. The latest ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Cryptopolitan on MSN

Hacker target the OpenVSX ecosystem to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto wallets and other data.
Fox News

Iran agrees not to execute eight women tied to anti-regime protests after Trump's public appeal

President Donald Trump said Wednesday that Iran will no longer execute eight women linked to anti-regime protests after he urged their release a day earlier. "Very good news! I have just been informed ...
theregister

Anthropic tests how devs react to yanking Claude Code from Pro plan

Anthropic has removed Claude Code from its Pro subscription plan, according to some of its public-facing web pages, but the company says it’s only a test for a small number of users. On Monday, the ...
decrypt

Google Fixes AI Coding Tool Flaw That Let Attackers Execute Malicious Code: Report

Add Decrypt as your preferred source to see more of our stories on Google. Researchers found a prompt injection vulnerability in Google’s Antigravity AI coding platform. The flaw could allow attackers ...
Forbes

Studio Delays ‘Project Hail Mary’ Streaming Release And Extends Theatrical Run

Forbes contributors publish independent expert analyses and insights. I cover Hollywood and entertainment. This voice experience is generated by AI. Learn more. This voice experience is generated by ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
NewsNation

Iranian regime using executions to prevent revolt ahead of US negotiations

Graphic Warning: This story contains descriptions of violence and sexual assault that may be disturbing. Reader discretion is advised. (NewsNation) — As a second round of U.S.-Iran negotiations is ...