Ever heard of 'quishing'? NordVPN warns the future of scams lies in QR codes – and shares some tips on how to stay safe

NordVPN warns that QR code attacks are escalating, with a staggering 26 million individuals already potentially exposed to ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
SD Times

New open source tools to detect, defend against malicious code

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...

Researchers warn OpenClaw users after malicious plugins surface on ClawHub

OpenClaw’s plugin marketplace, ClawHub, has come under security scrutiny after researchers uncovered a large number of malicious plugins embedded within the platform. Blockchain security firm SlowMist ...
Dark Reading

GenAI Writes Malicious Code to Spread AsyncRAT

Threat actors have used generative artificial intelligence (GenAI) to write malicious code in the wild to spread an open source remote access Trojan (RAT). It's one of the first observed examples of ...
Ars Technica

Hundreds of e-commerce sites hacked in supply-chain attack

Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment ...
Infosecurity-magazine.com

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...
TechRepublic

Hackers Can Hide Malicious Code in Gemini’s Email Summaries

Hackers Can Hide Malicious Code in Gemini’s Email Summaries Your email has been sent Google’s Gemini chatbot is vulnerable to a prompt-injection exploit that could trick users into falling for ...
SiliconANGLE

Bad code, malicious models and rogue agents: Cybersecurity researchers scramble to prevent AI exploits

When it comes to dealing with artificial intelligence, the cybersecurity industry has officially moved into overdrive. Vulnerabilities in coding tools, malicious injections into models used by some of ...