Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
Infosecurity Magazine

AI-Generated npm Malware Leaks Its Own GitHub Token

The fatal flaw was a hardcoded fallback token left in the code. Because the malware carried the operator's own GitHub credential, researchers could trace the exfiltration directly, observing around ...

A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...
Bleeping Computer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing ...
heise online

After malware attack: Criminals used DigiCert's codesigning certificates

In April, the certification authority DigiCert issued several Code Signing Certificates to malware authors. The attackers had previously compromised the computers of customer service employees at ...

This AI-coded malware apparently leaked its own GitHub private token

Whoopsie.

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...
Nature

Binary fingerprints help in the fight against cyberattacks

Malware and software ‘viruses’ insert themselves in infected systems as binary code, 1s and 0s that execute nefarious functions at the system level. To analyze and counter malware attacks, ...
Infosecurity-magazine.com

Fake Claude Code Page Pushes PowerShell Stealer at Devs

A previously undocumented information stealer has been distributed through fake Claude Code installation pages, hijacking Chromium browsers to bypass App-Bound Encryption and exfiltrate cookies, ...
Hosted on MSN

Setting Up Meteor Client 26.1.2 and Fabric for Safe, High-Performance Modding in 2026

The Minecraft modding scene has evolved rapidly in 2026, with Fabric Loader becoming the go-to for lightweight performance and Meteor Client leading the utility mod space with its latest 26.1.2 ...