You can now browse and install PowerToys Command Palette extensions within the app

The latest PowerToys update introduces a built‑in Extension Gallery and brings improvements to Dock, PowerDisplay, and ZoomIt ...

GitHub pulls pin on npm's auto-run scripts

GitHub will change npm's defaults so the install command no longer runs scripts automatically, disabling a feature commonly ...

Microsoft explains why PowerToys 0.100.0 is faster and slimmer, there are new features too

Microsoft has explained how a recent optimization move has made PowerToys significantly faster and smaller. There are new ...

NotebookLM now exports to Excel, PowerPoint, and PDF

Google upgrades NotebookLM with Gemini 3.5: The AI tool now creates Excel spreadsheets, PowerPoint slides, and PDFs – initially for paying subscribers.
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
InfoQ

Next.js 16.2: 400% Faster Dev Startup, Faster Rendering, and Deeper Tooling for AI Agents

Vercel has released Next.js 16.2, featuring performance enhancements that make development startup 400% faster and rendering ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

How to get your files off an Android phone with a broken screen - for free

If you've ever broken your phone's screen but still wanted to get data or files from it, you know how painful that can be, ...
Android

Infostealer Malware Sneaks into Popular Codex UI Tool After One Month of Building Trust

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...
MUO on MSN

I rebuilt my Windows workflow around a tiling WM and stopped reaching for the mouse

Komorebi's install is still a bit of an adventure, but keyboard workflow it unlocks is worth every minute of it ...