Security News

Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups
2025-04-23 10:34

Bake in security now or pay later, says Mike Rogers. AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather...

Package hallucination: LLMs may deliver malicious code to careless devs
2025-04-14 12:38

LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security...

Infostealer campaign compromises 10 npm packages, targets devs
2025-03-27 20:22

Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. [...]

The XCSSET info-stealing malware is back, targeting macOS users and devs
2025-02-17 17:40

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware: XCSSET is an information-stealing and...

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities
2025-02-13 01:29

FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff. US authorities have labelled buffer overflow vulnerabilities "unforgivable defects",...

Malicious PyPI package steals Discord auth tokens from devs
2025-01-17 19:16

A malicious package named 'pycord-self' on the Python Package Index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...]

Job-seeking devs targeted with fake CrowdStrike offer via email
2025-01-10 12:20

Cryptojackers are impersonating CrowdStrike via email to get developers to unwittingly install the XMRig cryptocurrency miner on their Windows PC, the company has warned. The email: CrowdStrike has...

Devs sent into security panic by 'feature that was helpful … until it wasn't'
2025-01-10 08:30

Screenshot showed it wasn't a possible attack – unless you qualify everything Google does as a threat. On Call: Velkomin, Vælkomin, Hoş geldin, and welcome to Friday, and therefore to another...

Fake CrowdStrike job offer emails target devs with crypto miners
2025-01-09 21:30

CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner...

New 'OtterCookie' malware used to backdoor devs in fake job offers
2024-12-26 16:53

North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. [...]