News

Infosecurity Magazine5h

Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

A new digital supply chain attack has targeted popular open-source npm packages with at least two billion downloads per week. On Sept. 8, Josh Junon, a package maintainer whose account was at the ...

Crypto stolen by hackers in largest NPM attack

Crypto users area take extreme caution. The recent attack on the Node Package Manager (NPM) packages of a well-known ...

Ledger CTO warns of shocking NPM attacks by crypto hackers

Charles Guillemet, CTO at the crypto wallet platform Ledger, warned the crypto community to be cautious while executing ...
Infosecurity Magazine1d

Open Source Community Thwarts Massive npm Supply Chain Attack

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...