The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

Deno 2.7 sharpens Node.js compatibility and stabilizes Temporal

Version 2.7 of the runtime for JavaScript and TypeScript stabilizes the Temporal API, introduces npm overrides, and ...

Chainguard Customers Have 94% Python Ecosystem Coverage for Their Environments

Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...
Cybernews

Malicious NPM package racks up 50,000 infections in days, developers fully compromised

A malicious NPM package, ambar-src, mimicking a popular JavaScript framework, was downloaded nearly 50,000 times in a few ...
Hoodline

San Antonio AI Researchers Sound Alarm On Phantom Package Trap

UTSA: ~20% of AI-suggested packages don't exist. Slopsquatting could let attackers slip malicious libs into projects.

SafePrompt Launches Prompt Injection Protection API for AI Developers

Developer-first security tool blocks AI manipulation attacks in under 100 milliseconds with a single API call Our goal ...

Microsoft moves, with others, to help create the Node.js Foundation

Microsoft, following the lead of many others, has moved to help create the Node.js Foundation. Redmond joins Joyent, the corporate steward of the open source project, along with Fidelity, IBM, The ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...