Amazon was forced to urgently withdraw a compromised version of its AI-powered programming assistant, Q, after a malicious instruction was covertly embedded into the system. This rogue directive prompted the assistant to exploit command-line...
A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid of any corresponding changes on GitHub. Developers quickly grew suspicious—and with good reason. The package’s maintainer later...
Cybersecurity specialists at cside have uncovered a vast and covert cryptocurrency mining campaign that has compromised over 3,500 websites—marking the largest incident of its kind in recent years and signaling the resurgence of tactics...
The hacking collective known as EncryptHub—also tracked as LARVA-208 and Water Gamayun—has launched a new wave of attacks specifically targeting developers within the Web3 ecosystem. Their aim: to infect victims with data-stealing malware capable...
Three malicious scripts have been discovered in the Arch User Repository (AUR)—a community-driven repository for Arch Linux user packages—used to deploy the CHAOS RAT trojan. These scripts, uploaded by a user operating under the...
Hackers have successfully injected malicious code into popular npm packages by leveraging a phishing campaign against project maintainers. The attackers orchestrated a targeted campaign aimed at developers stewarding key projects and managed to steal...
A recent data breach has exposed a critical vulnerability in the systems of Paradox.ai, the developer behind AI-powered chatbots used in recruitment processes at McDonald’s and other Fortune 500 corporations. The cause of this...
A counterfeit extension for the Cursor AI development environment, masquerading as a legitimate Ethereum utility, has resulted in a major cybersecurity incident—a Russian cryptocurrency developer lost half a million dollars due to the extension’s...
A Russian blockchain developer has fallen victim to a targeted attack executed through a counterfeit extension within the Cursor AI environment, resulting in the theft of approximately $500,000 worth of cryptocurrency. The incident was...
An attack on the Visual Studio Code extension known as Ethcode has compromised the security of more than 6,000 developers worldwide. The incident stemmed from the insertion of malicious code into this widely used...
A new threat has emerged in the realm of AI-assisted programming, known as “slopsquatting.” This attack has become particularly dangerous amid the surging popularity of AI coding assistants like Claude Code CLI, OpenAI Codex...
Corporate laptops and production servers typically have robust security monitoring in place to reduce risk and meet compliance requirements. However, CI/CD runners, which handle sensitive information like secrets for cloud environments and create production...
A new wave of malicious npm packages has been uncovered, linked to the ongoing Contagious Interview operation, which has been attributed to North Korean threat actors. The discovery was made by the cybersecurity firm...
One of the world’s leading cryptocurrency tracking platforms, CoinMarketCap, has fallen victim to a sophisticated cyberattack. Visitors to the site were unexpectedly confronted with intrusive Web3 pop-ups, seemingly inviting them to connect their wallets....
The popular service Top.gg, aiding users in finding servers and bots for Discord, suffered from a supply chain attack. Malefactors injected malicious code into Python packages used by bot developers, evidently aiming to steal...