InfoWorld

Threat actors are spreading malicious extensions via VS marketplaces

There isn’t a consistent threat model for extension marketplaces yet, McCarthy said, making it difficult for any platform to ...
Decrypt

North Korean Hackers Target Crypto Devs Through Open-Source Software Hub

North Korean hackers used fake recruiter lures and npm packages to target crypto developers in a large-scale supply-chain ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...
InfoWorld

OpenAI Codex rivals Claude Code

Codex gives software developers a first-rate coding agent in their terminal and their IDE, along with the ability to delegate ...
PC Gamer

You can install the new Xbox Full screen experience mode for Windows on handhelds but whether it will work is another question entirely

Handheld Gaming PCs Forget the ROG Xbox Ally, for $600 this October Prime Day I'd be picking up a 1 TB Lenovo Legion Go Handheld Gaming PCs The ROG Xbox Ally borrows a heck of a lot from the Steam ...
TechRadar

A terrifying, self-replicating malwaere has infected npm packages with over 2 million downloads per week - here's how to stay safe

A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects Shai-Hulud worm looks to steal credentials, modify packages, and spread malware ...
Infosecurity-magazine.com

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a first-of-its-kind worm designed to steal secrets. On Monday, ...
Infosecurity-magazine.com

Open Source Community Thwarts Massive npm Supply Chain Attack

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...
CSOonline

Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep flaws in the open-source trust model. A massive supply chain attack ...
SiliconANGLE

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after attackers injected malware into 18 popular packages that together account for ...
CoinDesk

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s ...
CoinTelegraph

Largest NPM attack in crypto history stole less than $50: SEAL

Hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript libraries, targeting crypto wallets. ”Picture this: you compromise ...