Dark Reading

150,000 Packages Flood NPM Registry in Token Farming Campaign

A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz ...
InfoWorld

Visual Studio Code unifies UI for managing coding agents

Agent HQ provides a single location for managing both local and remote coding agents and introduces a plan agent that breaks ...
InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cryptopolitan

3 VS Code extensions stealing credentials for GitHub, VSX, and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
CSO Online

Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace

A suspicious Visual Studio Code extension with file-encrypting and data-stealing behavior successfully bypassed marketplace ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...
CSO Online

Modern supply-chain attacks and their real-world impact

Supply-chain attacks have evolved considerably in the las two years going from dependency confusion or stolen SSL among ...
The Register on MSN

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm A new supply chain attack dubbed PhantomRaven has flooded the npm registry with malicious packages that steal credentials, ...
InfoQ

NPM Ecosystem Suffers Two AI-Enabled Credential Stealing Supply Chain Attacks

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. This article dives into the happens-before ...