A compromised Nx Console extension (v18.95.0) with over 2.2 million installations was used to distribute a credential stealer that exfiltrates developer secrets and can publish signed, legitimate-looking npm packages.
Microsoft Exchange Server is being actively exploited, Cisco SD-WAN Controllers fall victim to authentication gaps, and trusted software packages are being manipulated; enterprises should prioritize patching less obvious risks to protect themselves from attack chain effects.
Four malicious npm packages from the same attacker distribute different malware: a DDoS botnet and infostealers, with one package cloning the newly published Shai-Hulud worm; users should immediately remove affected packages and reset their security credentials.
AI tools such as phishing-as-a-service and chatbots enable novices to commit fraud at scale, while organized crime groups can outsource technical aspects through them.
Google enhances the Google Pay API with new features for merchant-initiated payments, enabling better control over subscriptions, deferred payments and auto-reloads, plus increased transparency for users.
Google Genkit introduces a new middleware system for extending and securing AI applications, with modular hooks enabling retries, fallbacks, and human oversight—available in TypeScript, Go, and Dart, with Python support coming soon.
Starting March 2024, Google is allowing individual users to change their account username. The old email remains as an alternative and uses the same inbox. App developers should check whether their systems support this change.
Google extends its Genkit AI framework with a middleware system that enables developers to make agent-driven applications production-ready through interceptors, advanced error handling, and observability, with TypeScript, Go, and Dart support available.
Google now allows personal users to change their Gmail usernames without losing data or access, with the old email address retained as a linked address, and developers should review their integrations.
Google releases Gemma 4, an open-source model for local AI applications that supports autonomous agents, multi-step planning, and audio-visual processing in over 140 languages without requiring specialized fine-tuning.
Gemma 4 from Google DeepMind brings advanced AI agent capabilities to end devices, enabling autonomous planning and decision-making in over 140 languages without specialization or fine-tuning.
ADK Go 1.0 delivers observability through OpenTelemetry, safety guardrails, and YAML-based agent definitions for production-ready agent architectures in Go.