North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
VS Code 1.26 prevents automatic code execution for new project folders, lets users configure whether code can be executed ...
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party marketplace is not yet open. OpenAI has introduced a plugin system for ...
This VS Code extension provides support for the R programming language, including features such as R language service based on code analysis, interacting with R terminals, viewing data, plots, ...
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors are abusing Visual Studio Code task configuration files for malware delivery ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results