Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
VS Code 1.127 enhances agent session management, introduces per-site browser permissions, and makes browser tools for agents ...
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini ...
The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party marketplace is not yet open. OpenAI has introduced a plugin system for ...
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious ...
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Just yesterday, we noted the growing threat of ransomware. Now, Jamf Threat Labs is warning that North Korean threat actors are abusing Visual Studio Code task configuration files for malware delivery ...
Please create an issue before adding a rating. Keep in mind that I work full-time. I'd LOVE to have more contributors. See the Contributing section below. yarn add -D ...
The PROSE research and engineering team, led by Sumit Gulwani, works on groundbreaking AI projects, including model training and end-to-end experiences, for a variety of applications such as IDEs and ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results