Flux
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Cybersécurité Programmation

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Socket researchers discovered that the Bitwarden CLI was compromised as part of the ongoing Checkmarx supply chain campaign. The open source password manager serves more than 10 million users and over 50,000 businesses, and ranks among among the top three password managers by enterprise adoption. The affected package version appears to be @bitwarden/cli2026.4.0, and the malicious code was published in bw1.js, a file included in the package contents. The attack appears to have leveraged a…

Socket
Behavioral Credentials: Why Static Authorization Fails Autonomous Agents
IA

Behavioral Credentials: Why Static Authorization Fails Autonomous Agents

Enterprise AI governance still authorizes agents as if they were stable software artifacts.They are not. An enterprise deploys a LangChain-based research agent to analyze market trends and draft internal briefs. During preproduction review, the system behaves within acceptable bounds: It routes queries to approved data sources, expresses uncertainty appropriately in ambiguous cases, and maintains source […]

O'Reilly Radar — AI/ML
Community Corner: The AI Refactor with Kumuda Sreenivasa
Programmation Web

Community Corner: The AI Refactor with Kumuda Sreenivasa

In this episode, Scott talks Kumuda Sreenivasa about her talk on using AI to help with refactoring/replacing legacy system that she’s be presenting at JStek 2026. Links: Our Discord – https://discord.gg/aMTxunVx Buy our shirts – https://store.phparch.com/products/community-corner-podcast-t-shirt Kumuda’s Links: LinkedIn – https://www.linkedin.com/in/kumudas/ Scott’s Links: Website – https://scott.keck-warren.com/ Bluesky – https://bsky.app/profile/scottkeckwarren.bsky.social LinkedIn –…

PHP Architect
Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model
IA Programmation

Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model

Qwen3.6-27B: Flagship-Level Coding in a 27B Dense Model Big claims from Qwen about their latest open weight model: Qwen3.6-27B delivers flagship-level agentic coding performance, surpassing the previous-generation open-source flagship Qwen3.5-397B-A17B (397B total / 17B active MoE) across all major coding benchmarks. On Hugging Face Qwen3.5-397B-A17B is 807GB, this new Qwen3.6-27B is 55.6GB. I tried it out with the 16.8GB Unsloth Qwen3.6-27B-GGUF:Q4_K_M quantized version and llama-server using…

Simon Willison's Weblog
Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions
Cybersécurité Programmation

Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

Docker alerted Socket to malicious images pushed to the official checkmarx/kics Docker Hub repository after internal monitoring flagged suspicious new activity around KICS image tags. Our investigation found that attackers appear to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to a legitimate upstream release. Analysis of the poisoned image indicates that the bundled KICS binary was modified to include data…

Socket
Introducing Organization Notifications in Socket
Cybersécurité Programmation

Introducing Organization Notifications in Socket

Today, we’re excited to launch Organization Notifications in Socket. This new feature gives teams a direct way to stay on top of organization alert activity without relying on someone to constantly watch the dashboard. With Organization Notifications, you can subscribe to organization-level alert events, filter the kinds of alerts you care about, and send batched updates to a configured destination. We're launching the email channel type first, and Slack and Microsoft Teams support are planned…

Socket
Don’t Blame the Model
IA

Don’t Blame the Model

The following article originally appeared on the Asimov’s Addendum Substack and is being republished here with the author’s permission. Are LLMs reliable? LLMs have built up a reputation for being unreliable. Small changes in the input can lead to massive changes in the output. The same prompt run twice can give different or contradictory answers. […]

O'Reilly Radar — AI/ML
Quoting Bobby Holley
IA Programmation

Quoting Bobby Holley

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation. [...] Our experience is a hopeful one for teams who shake off the vertigo and get to work. You may need to reprioritize everything else to bring relentless and single-minded focus to the task, but there is light at the end of the tunnel. We…

Simon Willison's Weblog
Changes to GitHub Copilot Individual plans
IA Programmation

Changes to GitHub Copilot Individual plans

Changes to GitHub Copilot Individual plans On the same day as Claude Code's temporary will-they-won't-they $100/month kerfuffle (for the moment, they won't), here's the latest on GitHub Copilot pricing. Unlike Anthropic, GitHub put up an official announcement about their changes, which include tightening usage limits, pausing signups for individual plans (!), restricting Claude Opus 4.7 to the more expensive $39/month "Pro+" plan, and dropping the previous Opus models entirely. The key…

Simon Willison's Weblog
Esc