Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
The Hacker News

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Researchers found a fake Ethereum helper package on crates.io that secretly downloaded OS-specific payloads and executed them ...
The Hacker News

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm package mimics an ESLint plugin, embeds an AI-tricking prompt, and steals environment variables via a ...
SecurityWeek

Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors

A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users ...
Axios on MSN

Exclusive: Researchers trick Claude plug-in into deploying ransomware

An AI tool that Claude uses to automate tasks can be easily weaponized to execute ransomware, Cato Networks found in new ...