AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote…
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat…
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of…
The Hardest Fork
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and…
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development…
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50…
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of…
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly…
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than…
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked…
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security…
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake…
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact"…
Over 100 VS Code Extensions Exposed Developers to Hidden Supply Chain Risks
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by…
Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons…