Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well.
The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek.
Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.
The post Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks appeared first on SecurityWeek.
Bugcrowd Acquires Application Security Firm Mayhem
Bugcrowd said the acquisition of Mayhem has nearly doubled its valuation — previously reported at over $1 billion.
The post Bugcrowd Acquires Application Security Firm Mayhem appeared first on SecurityWeek.
Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases
Kolter leads a panel at OpenAI that has the authority to halt the ChatGPT maker’s release of new AI systems if it finds them unsafe.
The post Who is Zico Kolter? A Professor Leads OpenAI Safety Panel With Power to Halt Unsafe AI Releases appeared first on SecurityWeek.
Webinar Today: Fact vs. Fiction – The Truth About API Security
Get practical guidance to protect APIs against the threats attackers are using right now.
The post Webinar Today: Fact vs. Fiction – The Truth About API Security appeared first on SecurityWeek.
GitHub Boosting Security in Response to NPM Supply Chain Attacks
GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing.
The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek.
Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit
The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public.
The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit appeared first on SecurityWeek.
Highly Popular NPM Packages Poisoned in New Supply Chain Attack
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets
A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them.
The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek.
US, Allies Push for SBOMs to Bolster Cybersecurity
SBOM adoption will drive software supply chain security, decreasing risks and costs, and improving transparency.
The post US, Allies Push for SBOMs to Bolster Cybersecurity appeared first on SecurityWeek.
