In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year, compromising more than 700 packages and exposing 25,000 repositories, developers in the JavaScript world ...
Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...
AI hallucinations – the occasional tendency of large language models to respond to prompts with incorrect, inaccurate or made-up answers – have been an ongoing concern as the enterprise adoption of generative ...
Developers were the targets of two new malicious Microsoft Visual Studio Code (VS Code) extensions created by a threat actor that security researchers believe is experimenting with methods for delivering information-stealing malware ...
A malicious Rust package that was found to be downloading payloads aimed at stealing cryptocurrency was removed from the crates.io Rust package registry, along with another package by the same author that ...
Researchers with cybersecurity firm Wiz earlier this year discovered, almost by chance, a significant supply chain risk and massive secrets leak in the Visual Studio Code and OpenVSX marketplaces that they said ...
A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of ...