WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...

From Prompt to Publish, Google Firebase Studio Creates Full Stack Apps & Hosts Them

Firebase Studio lets you build complete projects fast with templates for Next.js, Express, and Flutter, so you launch working ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain ...
The Hacker News

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

PyStoreRAT spreads via fake GitHub tools using small Python or JavaScript loaders to fetch HTA files and install a modular ...

Microsoft Worm Attack Warning — Act Rapidly And Change Passwords Now

Rapidly change your password, the Microsoft security team urges as Shai-Hulud Dune Worm cloud attacks continue.
InfoWorld

Did your npm pipeline break today? Check your ‘classic’ tokens

A spate of supply chain attacks forces GitHub’s npm to revoke ‘classic’ tokens. Despite this, larger worries about developer ...
Dark Reading

Attackers Exploited Gogs Zero-Day Flaw for Months

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug ...
Visual Studio Magazine

Threat Actors Keep Weaponizing VS Code Extensions

Threat actors are still abusing Visual Studio Code extensions as an entry point, with the latest fake Prettier incident showing a multi-stage path from marketplace install to credential theft and full ...

India becoming world’s most important AI developer hub, says GitHub

Unlike ChatGPT’s explosive kick to the front door to grab the world’s attention, GenAI’s inroads into software development ...