Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.
Martin Cid Magazine

GlassWorm hid invisible code in VS Code extensions for a year before its takedown

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...
Computer Weekly

Glassworm botnet that targeted OS devs smashed to pieces

CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub ...
CoinJournal

TrapDoor attack targets crypto wallets, AWS keys and GitHub tokens

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Tech Times

GitHub CISO Names Nx Console as Root of 3,800-Repo Breach: OpenAI, Grafana Also Hit

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...
MacStories

Introducing Shortcuts Playground: Create Apple Shortcuts with Claude Code or Codex

Today, I’m pleased to introduce something I’ve been working on for the past six months: Shortcuts Playground, a plugin for ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Electronics360

A simple tool to build and deploy AI on microcontrollers

Semiconductor provider Nuvoton Technology has launched a graphical user interface (UI) tool designed specifically for machine ...
Las Vegas Sun

CoreWeave Sandboxes Launches to Accelerate Reinforcement Learning, Agent Tool Use, and Model Evaluation

The Essential Cloud for AI™, today announced CoreWeave Sandboxes, an execution layer that gives AI researchers and platform teams secure, isolated environments for running reinforcement learning (RL), ...