News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Infosecurity Magazine8h

Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...