We regret to inform you that there are more npm supply chain attacks this week, and a new variant of the Shai Hulud worm is involved. We also talk about the new analysis from Anthropic on a year of data relating to how attackers are using AI in their operations, and the continuing adventures of Microsoft's relationship with security researchers.