Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

‘I struggle to buy food because self-checkouts aren’t designed for wheelchair users’

A woman who uses a wheelchair says she’s often unable to pay for her weekly food shop because of supermarket self-checkouts. Toyin Fabusiwa, 26, posted a video of her struggling to scan her groceries ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Security Boulevard

There’s Always Something: Secrets Detection at Engagement Scale with Titus

TL;DR: Titus is an open source secret scanner from Praetorian that detects and validates leaked credentials across source code, binary files, and HTTP traffic. It ships with 450+ detection rules and ...