Results for "malicious package"
17 results found
Java Library Almost Duped AI Coders Into Deleting Tests
A malicious Java package nearly tricked AI coding agents into wiping unit tests. The attack exploited how AI assistants handle code suggestions.
GitHub Breach Exposes Thousands of Internal Repositories After Employee Installs Malicious VS Code Extension
A GitHub employee installed a malicious VS Code extension leading to exposure of thousands of internal repositories.
FBI Warns of Fake FIFA Websites Targeting World Cup Fans
The FBI warns dozens of spoofed FIFA sites are stealing data from fans ahead of the 2026 World Cup. Learn how to avoid phishing scams.
GitHub Confirms Breach of 3800 Repos via Malicious VSCode Extension
GitHub says 3,800 repositories were compromised by a malicious VSCode extension. The attack stole credentials and may have spread further.
Microsoft Warns AI Chatbots Are Steering Users to Malicious Sites
Microsoft warns that AI chatbots may direct users to malicious websites as threat actors adapt social engineering. Users should verify links carefully.
Open Source Project Hijacked in Phishing Campaign Targeting 14,000 Users
A developer discovered their open source tool was weaponized to phish thousands. The incident underscores supply chain risks in the open source ecosystem.
Google Releases Exploit for Unfixed Chromium Bug
Google released exploit code for an unpatched Chromium vulnerability that could let attackers monitor users and create botnets. The flaw has remained unfixed for 29 months.
AMOS Malware Emerges as Major Threat to macOS Users
A stealthy infostealer called AMOS is spreading on macOS through deceptive ads and social engineering. Security experts warn it marks a shift in mainstream malware targeting Apple devices.
iPhone Repair Risk: How to Stop a Technician From Stealing Your Photos
A Best Buy repair technician allegedly used AirDrop to steal private photos from a customer's iPhone. Learn how to protect your data before any device repair.
New SSD Side-Channel Attack Lets Websites Spy on User Activity
Researchers uncover a technique that exploits SSD access patterns to track user behavior online. The attack requires specific conditions but raises fresh privacy concerns.
Developer Plants Prompt Injection in Open Source App to Disrupt AI Coders
A developer added hidden prompt injection instructions to an open-source Java testing tool, causing AI coding agents to delete their own work.
Microsoft warns of GPU mining malware spread via SEO poisoning and AI chatbots
Microsoft uncovered a cryptojacking campaign targeting gamers and high-end PC users. Malware disguised as popular utilities like HWMonitor is spread through SEO poisoning and AI chatbot recommendations.
Security Audit Clears DJI Drones of Malware, Challenges FCC Ban
A U.S. cybersecurity audit found no malware or backdoors in DJI drones, casting doubt on the FCC ban and fueling a $1.56B legal fight.
Microsoft Agent 365 arrives as enterprises face shadow AI security threat
Microsoft's new agent management platform goes live amid rising risks from ungoverned AI agents in enterprises.
ChatGPT Mac App Vulnerability Patched After Security Flaw Found
A security flaw in the ChatGPT Mac app could have exposed conversations. OpenAI says no data was accessed and the issue is now fixed.
Google Tests Reduced Free Storage for New Accounts Without Phone Number
Google is testing a policy in select regions that limits new accounts to 5GB free storage unless users link a phone number. The move aims to curb abuse but raises privacy questions.
New Side-Channel Attack Uses Browser Storage to Fingerprint Devices
Researchers developed FROST, a side-channel attack using OPFS-based SSD timing in browsers to create persistent device fingerprints that bypass privacy protections.