The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
Malicious npm packages mimicking Rollup polyfill tooling steal browser data, crypto wallets, and AI tool credentials in a Lazarus-linked campaign.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
MongoDB makes its full-text and vector search available for self-managed installations, including the Community Edition.
VS Code 1.127 enhances agent session management, introduces per-site browser permissions, and makes browser tools for agents ...
Learn how to build a second brain using Claude and Obsidian to create a persistent, local AI memory that remembers your ...
StegoAd Microsoft Edge extensions malware affected up to 2.6 million users after the company removed 119 add-ons that hid ...
CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
Stop coding without these extensions ...
A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure.
Turns out the fix was in the Chrome Web Store ...