News

The Hacker News3d
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
VS Code extensions deployed sandbox-evasive malware to steal system data, developer credentials, and crypto wallets.
CSO Online2d
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
All malicious npm packages carried identical payloads for snooping sensitive network information from developers’ systems.
Developer Tech6d
60 malicious npm packages caught mapping developer networks
The npm registry is once again in the spotlight, this time battling a malware campaign using malicious packages to map ...
SecurityWeek21d
Malicious NPM Packages Target Cursor AI’s macOS Users
Three NPM packages posing as developer tools for Cursor AI code editor ... and file-patching routines, albeit they use different hardcoded domains. The attack, Socket warns, could lead not only to ...
The Droid Guy9d
Cursor vs Replit: Which Is Better for Vibe Coding Your Next App?
Cursor is a fork of Visual Studio Code rebuilt from the ground up for AI-assisted development. It looks and feels like VS ...
Ten years of OSSRA: what a decade of data tells us about the state of open source security
Use precise geolocation data and actively scan device characteristics for identification. This is done to store and access ...
GitHub14d
Different behaviour between CDN officejs and NPM package #5710
The add-in I'm trying to get this working for is a non-public add-in installed to Admin Managed O365 clouds by clients. Client and internal security policies prevent referencing external CDN code ...