Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
CSO Online

Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Malware hidden in widely used libraries like chalk and debug hijacked crypto transactions via browser APIs, exposing deep ...

Massive npm hack poisons 18 packages with billions of downloads

Aikido Security Ltd. today disclosed what is being described as the largest npm supply chain compromise to date, after ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
SecurityWeek

Organizations Warned of Exploited Git Vulnerability

CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. The US cybersecurity agency CISA on Monday warned that a ...
Bleeping Computer

Fake WhatsApp developer libraries hide destructive data-wiping code

Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. Two malicious NPM ...
The Hacker News

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, ...
SecurityWeek

Several Vulnerabilities Patched in AI Code Editor Cursor

Attackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. A vulnerability in the AI code editor Cursor allowed remote attackers to ...
Wired

Cursor’s New Bugbot Is Designed to Save Vibe Coders From Themselves

One of the most popular platforms for AI-assisted programming says the next era of vibe coding is all about supercharging error detection. The new tool, Bugbot ...
The New York Times

How a Frantic Scouring of the Epstein Files Consumed the Justice Dept.

There was a single goal in mind: find something — anything — that could be released to the public to satisfy President Trump’s supporters. There was a single goal in mind: find something — anything — ...
Geeky Gadgets

5 Claude Code Strategies That Will Save You Hours of Debugging

Have you ever felt overwhelmed by the sheer complexity of managing your development projects? From debugging tangled codebases to juggling multiple tasks, it’s easy to feel like you’re drowning in ...
TechCrunch

Elon Musk’s xAI launches Grok 4 alongside a $300 monthly subscription

Elon Musk’s AI company, xAI, late on Wednesday released its latest flagship AI model, Grok 4, and unveiled a new $300-per-month AI subscription plan, SuperGrok Heavy. The expectations are high for ...