The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
GitHub

Multi-Agent Collaboration Design Patterns with LangGraph

AgentFlow is a curated collection of battle-tested multi-agent design patterns built on LangGraph. Each pattern includes complete code, architecture diagrams, use-case analysis, and performance ...