The Information

Anthropic in Advanced Talks to Buy Developer Tool Startup in First Acquisition

Anthropic is in advanced discussions to buy Bun, a maker of software used to run and manage code more efficiently, according ...
Dark Reading

DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

North Korean attackers have delivered more than 197 malicious packages as part of ongoing state-sponsored activity to ...
Infosecurity Magazine

ShadyPanda's Seven-Year Campaign Infects 4.3M Chrome and Edge Users

A seven-year browser extension campaign has infected 4.3 million Chrome and Edge users. The group responsible, tracked as ...

Stealthy browser extensions waited years before infecting 4.3M Chrome, Edge users with backdoors and spyware

A seven-year malicious browser extension campaign infected 4.3 million Google Chrome and Microsoft Edge users with malware, ...
The Hacker News

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking ...
CSO Online

Contagious Interview attackers go ‘full stack’ to fool developers

The originators of the Contagious Interview cyberattack campaign are stitching GitHub, Vercel, and NPM together into a development and delivery pipeline to drop malware.
The Financial Express

‘All code is magic until…,’ says Zoho’s Sridhar Vembu after Google CEO Sundar Pichai encouraged vibe coding

While acknowledging the convenience of AI tools, Vembu pushed back on the idea that coding could be reduced entirely to ...
India Today

After Sundar Pichai hails vibe coding, Zoho CEO Sridhar Vembu says coding is magic all the way down

Zoho CEO Sridhar Vembu has pushed back against the growing hype around “vibe coding”, days after Google CEO Sundar Pichai ...
Crowdfund Insider

E-Skimming Newest Online Threat: NordVPN

As holiday shopping peaks, experts warn about e-skimming — malicious JavaScript code injected into legitimate e-commerce sites to steal customers’ payment ...
Crowdfund Insider

Regtech SlowMist Analyzes Malicious Code Stealing Sensitive Keys, Private Information

Regtech firm SlowMist noted that recently, the NPM ecosystem experienced another large-scale package poisoning incident.

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and ...