Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 ...

Software Development: Abstraction is Overrated

Abstraction is considered a virtue in software development. However, practice shows that wrong abstractions cause more harm ...

npmx.dev: New website for npm package search

The open-source project npmx is used for fast searching of npm packages. It focuses on UX, displays vulnerability warnings, and offers a dark mode.
Bitdefender

Leaked Google API keys can unlock Gemini API access and surprise bills

Exposed Google Cloud API keys in public JavaScript may now authenticate Gemini API calls, risking data exposure and runaway ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Wikipedia blacklists Archive.today after alleged DDoS attack

Archive.today under fire, again ...
Le Lézard

ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...

Authorities Warn “Harmless-Looking” Packages Could Contain Dangerous Materials and Here’s What to Watch for

You should treat any unexpected package with caution, even if it looks innocent. Dangerous substances and malicious content increasingly come disguised in candy bags, toy boxes, souvenir items, and ...

OpenAI brings its Codex coding app to Windows

At the start of February, OpenAI upgraded its Codex coding app to give it the ability to manage multiple AI agents. At the ...

Anyone can code now. What will you build?

See how anyone can build a working app or website in minutes — no coding skills required.

Salute replaces silence for Iran after 'message from home'

In a change from the silence of their first game, Iran's women's national team saluted their anthem against Australia on Thursday. It appears to be another case of authorities cracking down on sport ...