资讯

CSO Online2 天
GitHub package limit put law firm in security bind
A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
The Hacker News24 年
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Malicious npm packages targeting Cursor macOS users stole credentials and disabled updates, impacting 3,200+ downloads.
Computing3 个月
Lazarus Group hiding malware in GitHub and open-source packages
The group slips “undetectable” malware into GitHub ... packages disguised as legitimate DeepSeek AI libraries were removed from PyPI after extracting sensitive credentials from developers ...
Computing2 个月
GitHub supply-chain attack threatens 23,000 organisations
The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.
Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M
Endor Labs, a startup that builds tools to scan AI-generated code for vulnerabilities, has raised $93 million in a Series B ...