The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
GitHub

Globally Unique ID Generator

Package xid is a globally unique id generator library, ready to safely be used directly in your server code. Xid uses the Mongo Object ID algorithm to generate globally unique ids with a different ...
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Getting started

This guide will cover the basics of installing the Glow JavaScript library, and a few simple examples of using Glow to get you started. We are assuming you have at least a working knowledge of ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
theregister

Shai-Hulud copycat worm infects yet another npm package

A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums. Plus, the same scumbag ...