A malicious package in the Node Package Manager index uses invisible Unicode characters to hide malicious code and Google Calendar links to host the URL for the command-and-control location. The ...

Attackers can target the Foxit PDF Reader and PDF Editor applications. Security patches are available for download.

The open-source database management system Firebird is vulnerable in several ways. It can allow malicious code onto systems.

An unknown threat actor is deploying a large-scale, sophisticated cryptojacking campaign through a series of malicious extensions in Visual Studio Code, Microsoft’s lightweight source-code editor, ...

A threat actor called TigerJack is constantly targeting developers with malicious extensions published on Microsoft's Visual Code (VSCode) marketplace and OpenVSX registry to steal cryptocurrency and ...

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. Threat actors are exploiting a common developer habit — ...

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a ...

A security researcher has discovered a FileFix attack chain that allows a threat actor to execute malicious scripts while bypassing the Mark of the Web (MoTW ...