Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...

TestSprite launches an open-source command-line tool to help AI agents check their own work

Autonomous artificial intelligence-powered software testing tool TestSprite Inc. today announced that the company has ...
The Next Web

Agentjacking: a fake bug report can hijack your AI coding agent

Tenet Security's 'Agentjacking' attack turns a fake Sentry error into code running on developer machines. It hijacked Claude Code, Cursor & Codex.

Scammers are using a fake captcha hack to steal your personal information: 'Verify you're human.' Here's the big red flag to watch for

Hackers are using this insidious scam to get unwitting victims to install malware themselves.
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...
GitHub

cloudflare-env.d.ts

content-addressed, double-entry ERP ledger built on Payload CMS and deployed serverlessly on Cloudflare. - erpax/erpax ...