ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
The Caledonian-Record

Sonatype Research Reveals OSS Malware Grows 75% as Yearly Open Source Downloads Surpass 9.8 Trillion

Sonatype ®, the leader in AI-driven DevSecOps, today unveiled the 2026 State of the Software Supply Chain® report. Backed by Maven Central ...

RenderATL 2026 to Host OpenJS Summit: Spotlighting the Future of JavaScript

Additional details for RenderATL 2026 and the OpenJS Summit, including programming themes and speaker participation, will be announced in the coming months. For more information about RenderATL, ...
CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
The American Bazaar

Cybersecurity firm Cyble uncovers android banking malware targeting Iranian users

Cyble uncovers deVixor Android banking trojan targeting Iranian users via phishing, ransomware, SMS theft, and credential ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
How-To Geek on MSN

The hidden dangers of downloading GitHub projects: How to stay safe

Running an .exe from GitHub is a leap of faith. Here is how I keep things secure.

10 things I learned from burning myself out with AI coding agents

Like all AI models based on the Transformer architecture, the large language models (LLMs) that underpin today’s coding ...

Inside SearchGuard: How Google detects bots and what the SerpAPI lawsuit reveals

We fully decrypted SearchGuard, the anti-bot system protecting Google Search. Here's exactly how Google tells humans and bots ...

Watch out - this devious new Android malware clicks on hidden browser ads

Android malware uses AI to trick traditional defenses ...