SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
Martin Cid Magazine

GlassWorm hid invisible code in VS Code extensions for a year before its takedown

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Infosecurity-magazine.com

GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension

GitHub has confirmed that a recent breach into its internal repositories was caused by a vulnerability in a Microsoft Visual Studio Code (VS Code) extension called ‘Nx Console.’ The security team at ...
KTLA

Metro’s D Line extension opens, connecting downtown L.A. to Beverly Hills in about 20 minutes

After years of construction and anticipation, Metro’s long-awaited D Line extension officially opened to passengers Friday morning, giving riders a faster connection between downtown Los Angeles and ...
MacRumors

OpenAI's Codex Now Works in Chrome With New Extension

OpenAI today launched Codex for Chrome, a Chrome extension that lets Codex work directly in the browser on Macs and PCs. With the extension, Codex can use the browser to test web apps, get context ...
ZDNet

Microsoft finally open sources DOS 1.0 - and it's so much more than the code

PC-DOS 1.00 would lead to Microsoft becoming computing's top dog Microsoft continues to embrace open source. The source code and annotations provide insight into the operating system's earliest days.
Dark Reading

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

The ongoing GlassWorm campaign has deployed a fresh wave of malicious Visual Studio (VS) Code extensions, many of which seem initially benign but later deploy self-replicating malware that can poison ...
ABC7 San Francisco

CPSC warns not to use 'male-to-male' extension cords due to risk of electrocution, fire

SAN FRANCISCO (KGO) -- The U.S. Consumer Product Safety Commission is warning consumers to immediately stop using hazardous extension cords, often called "suicide cords" or "widowmakers." These cords ...