InfoWorld

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
GitHub

Visual Studio setup cleaner (vssc) is a command line tool for cleaning up outdated Visual Studio installation packages.

It has only been tested on Windows 10/11 for Visual Studio 2019 Community. In theory it should be able to handle all versions from 2017 to 2022. Since it is written in Go and does not use any ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
Cryptopolitan on MSN

Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which ...
TechRadar

Dangerous npm packages are targeting developer credentials on Windows, Linux and Mac - here's what we know

Ten typosquatted npm packages delivered infostealing malware to nearly 10,000 systems Malware targeted system keyrings, bypassing app-level security to steal decrypted credentials Affected users must ...