Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...
Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...
The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a high-agency, reliable, and commercially viable AI agent.
GlassWorm, a known malware strain, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
A malicious version of the Bitwarden command-line interface (CLI) password manager was briefly distributed via the Node ...
The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed ...
Hiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain ...