InfoWorld

WhatsApp API worked exactly as promised, and stole everything

Malicious npm package posing as a WhatsApp Web API library operated for months as a functional dependency while stealing ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
TechJuice

Developers Hit as Fake WhatsApp API Package Emerges on npm

Security researchers discovered a fake WhatsApp API package on npm that steals developer credentials, raising fresh alarms ...

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...
heise online

Shai-Hulud 2: New version of NPM worm also attacks low-code platforms

A new worm is infecting NPM packages en masse and stealing credentials. The code of the malware contains the identifier “SHA1HULUD,” which is why security analysts are calling it “Shai-Hulud 2.0.” ...
CPO Magazine

North Korean Hackers Target Developers with Nearly 200 Malicious NPM Packages in “Contagious Interview” Hacking Campaign

North Korean hackers intensify their efforts against blockchain and Web3 developers, using nearly 200 malicious npm packages in the ongoing Contagious Interview hacking campaign.
Visual Studio Magazine

Microsoft Tests Copilot-Powered Tool to Modernize JavaScript/TypeScript in VS Code

Microsoft previews a GitHub Copilot-powered VS Code Insiders tool that modernizes JavaScript/TypeScript apps by upgrading npm ...

WhatsApp Web Users At Security Risk! Hackers May Be Reading Your Messages Silently: All You Need To Know

Over the past six months, the fake package has reportedly been downloaded more than 56,000 times., Technology & Science, ...

Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now

Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.

Why a secure software development life cycle is critical for manufacturers

Recent supply-chain breaches show how attackers exploit development tools, compromised credentials, and malicious NPM ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident showing a multi-stage path from marketplace install to credential theft and full ...