While half the internet spent an entire week panicking because Microsoft Edge temporarily loaded passwords…
GitHub confirmed that 3,800 internal repositories were breached after an employee installed a malicious VSCode extension from Microsoft’s official marketplace. The TeamPCP hacker group claimed responsibility and is selling the stolen code for at least $50,000.
Attackers compromised the npm ‘atool’ account and published 637 malicious versions across 317 packages in 22 minutes, including high-traffic projects like size-sensor and echarts-for-react. The sophisticated payload harvests credentials, establishes persistent backdoors, and exploits GitHub’s infrastructure for command-and-control operations.
Linus Torvalds says AI-generated bug reports are flooding Linux security lists with duplicates and low-quality submissions. The automation meant to improve security is actually making security work harder by creating massive amounts of unvalidated noise.
Another npm supply chain attack leaves JavaScript developers mystified by this completely unpredictable monthly occurrence. Other ecosystems with actual security measures report zero incidents, as usual.