The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
GitHub

Catch the slop AI coding agents leave in your code.

The patterns Claude Code, Cursor, Codex, and OpenCode leave behind: narrative comments above self-explanatory code, swallowed exceptions, as any casts, hallucinated imports, duplicated helpers, dead ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GitHub

acs-javascript-calling-library-release-notes.md

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the ...
The Hacker News

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams ...

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, ...
USENIX

Package Hallucinations: How LLMs Can Invent Vulnerabilities

The model's output will appear correct, the package name will pass validation, and the installation will succeed, quietly importing malicious code. To make matters worse, motivated attackers can go ...
来自MSN

Elon Musk's XChat app is coming to Android soon! Know what it offers

In April, Elon Musk’s X released a standalone messaging app called XChat for the iOS ecosystem. Now, the company has confirmed that the app will soon be released for Android devices, and it's open for ...