Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...
GitHub

Gemini CLI Security Extension

The Security extension is an open-source Gemini CLI extension, built to enhance your repository's security posture. The extension adds a new command to Gemini CLI that analyzes code changes to ...
GitHub

is-my-code-great

- name: is my code great? uses: alienengineer/is-my-code-great@v0 with: base-branch: main # Optional, set to the branch you want to compare against verbose: true ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...
The Hacker News

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the ...
IEEE

Behavior Tree and Action Primitive (BTAP) Enabled Low-Code/No-Code Program for Robot Task Execution

Abstract: Robot skill reconfiguration often disrupts system continuity in dynamic flexible production systems, particularly in mixed-model assembly. To address this challenge, this article proposes ...
Bleeping Computer

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...