The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
Hosted on MSN

Malicious VS Code extensions resurface, stealing GitHub credentials and crypto wallets

Developers will have to contend with a dormant turned active malicious code on Visual Studio Code (VS Code) extensions, which is believed to have compromised thousands of users by stealing credentials ...
SiliconANGLE

Bad code, malicious models and rogue agents: Cybersecurity researchers scramble to prevent AI exploits

When it comes to dealing with artificial intelligence, the cybersecurity industry has officially moved into overdrive. Vulnerabilities in coding tools, malicious injections into models used by some of ...
Infosecurity-magazine.com

Malicious Microsoft VS Code Extensions Used in Cryptojacking Campaign

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

Malicious Microsoft AI extensions might have hit over 1.5 million users

Two VSCode extensions are harvesting sensitive data and sending it to China.
SecurityWeek

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.
CRN

ICSA Survey: Malicious Code On The Rise

The survey is the seventh annual virus prevalence study by ICSA Labs, a security research and product certification division of TruSecure, a managed security firm based here. The survey collected data ...
InfoWorld

Tackle malicious Web code without infecting yourself

How do you investigate potentially malicious Web page code without infecting yourself? As a computer security defender, I’m often in a position where I need to investigate a potentially malicious Web ...
Ars Technica

GitHub besieged by millions of malicious repositories in ongoing attack

GitHub is struggling to contain an ongoing attack that’s flooding the site with millions of code repositories. These repositories contain obfuscated malware that steals passwords and cryptocurrency ...
Crowdfund Insider

Regtech SlowMist Analyzes Malicious Code Stealing Sensitive Keys, Private Information

Regtech firm SlowMist noted that recently, the NPM ecosystem has experienced another large-scale package poisoning incident. For context, the so-called NPM ecosystem is the vast, interconnected system ...
Dark Reading

North Korea's Moonstone Sleet Widens Distribution of Malicious Code

A newly identified North Korean threat actor has widened its distribution of malicious node package manager (npm) code to public registries. And it's differentiating itself from other state-sponsored ...

Malicious Mac extensions steal crypto wallets and passwords

Mac users face new security threat as malware infiltrates trusted extension marketplaces, targeting cryptocurrency wallets and passwords through malicious code.