Security News

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware XCSSET in information-stealing and...

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities "unforgivable defects”,...

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

Cryptojackers are impersonating Crowdstrike via email to get developers to unwittingly install the XMRig cryptocurrency miner on their Windows PC, the company has warned. The email Crowdstrike has...

Screenshot showed it wasn't a possible attack – unless you qualify everything Google does as a threat On Call Velkomin, Vælkomin, Hoş geldin, and welcome to Friday, and therefore to another...

CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner...

North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. [...]

Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply...

No attacks possible, but enough issues to cause concern Messaging giant WeChat uses a network protocol that the app's developers modified – and by doing so introduced security weaknesses,...