The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Cryptopolitan

Hackers plant 73 sleeper extensions in OpenVSX to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
InfoQ

npmx Reaches Alpha: Community Driven Alternative Browser for the npm Registry

Daniel Roe and over 250 contributors. It emphasizes speed and features absent in the official npmjs.com interface, such as ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...

How to install fonts in Windows 11 and Windows 10 (3 easy methods)

A new font can be a great way to spice up your PC projects. But you need to install them to use them. Here's how to install ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

How to use Codex to build a Website

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
MUO on MSN

This open-source app made every download manager I used before feel unnecessary

I installed it to test, then stopped opening my old download managers.