News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
CSO Online2d

AI prompt injection gets real — with macros the latest hidden threat

Attackers are evolving their malware delivery tactics by weaponing malicious prompts embedded in document macros to hack AI ...

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the ...
Blockonomi4d

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...