The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

Microsoft、「JavaScript AI Build-a-thon Season 2」の開催を発表

Microsoftは3月2日(現地時間)、「JavaScript AI Build-a-thon Season 2」の開催を発表した。 同プログラムは、JavaScriptやTypeScript開発者を対象に、AI機能の実装方法を実践的に学べる無料イベントだ。3月2日から13日までの第1フェーズでは、ローカルAIやエージェント構築などを取り上げ、2つのガイド付きプロジェクトを通じて学習を進める。
Arabian Post on MSN

Microsoft flags malicious Next.js developer traps

Microsoft has warned that threat actors are exploiting seemingly legitimate Next. js repositories to compromise software developers, embedding staged backdoors inside projects that mimic technical ...
Infosecurity Magazine

Flaws in Popular Software Development App Extensions Allow Data Exfiltration

Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...