Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.
Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...
A new worm is infecting NPM packages en masse and stealing credentials. The code of the malware contains the identifier “SHA1HULUD,” which is why security analysts are calling it “Shai-Hulud 2.0.” ...
North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages ...
PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...
Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.
React vulnerability CVE-2025-55182 exploited by crypto-drainers to execute remote code and steal funds from affected websites ...
Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident ...
Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM ...
Microsoft previews a GitHub Copilot-powered VS Code Insiders tool that modernizes JavaScript/TypeScript apps by upgrading npm ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback