Get the latest tech news

Config Files That Run Code: Supply Chain Security Blindspot

Editor and package-manager config files auto-execute commands when a developer opens a folder or installs dependencies. The Miasma worm wired one dropper into seven of them across Claude Code, Gemini, Cursor, VS Code, npm, Composer, and Bundler. Opening a cloned repo is no longer safe.

None

Get the Android app

Or read this on Hacker News

Related news:

Wired found code for an unreleased facial recognition feature in Meta's AI app

3D-printed book turns its own G-code into raised lettering

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft's Disclosure Process

« "Maybe AI could create art, but while I live, I don't think I'll see it" - weeks after starring in a Prada art promotion created with AI tools, Hideo Kojima seems to dismiss the controversial tech's creative abilities

Majority of US’s new AI datacenters to be built on drought-hit land »