NPM flooded with malicious packages downloaded more than 86,000 times

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...
InfoQ中国 on MSN

Deno 2.5提供了对权限集和测试API钩子的支持

Deno,是由Ryan Dahl构建的JavaScript运行时,最近发布了2.5版本,带来了包括增加权限集(Permission Sets)、新的测试钩子和对WebSockets的改进等特性。作为发布的一部分,还有许多性能方面的改进。 Deno 2 ...
The Hacker News

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

An attack campaign undertaken by a Vietnam-aligned hacking group known as OceanLotus (aka APT-Q-31) that delivers the Havoc post-exploitation framework in attacks targeting enterprises and government ...
GitHub

Yaak Desktop API Client

Yaak is an offline-first API client designed to stay out of your way while giving you everything you need when you need it. Built with Tauri, Rust, and React, it’s fast, lightweight, and private. No ...
Security Boulevard

Methodology: How we discovered over 2k high-impact vulnerabilities in apps built with vibe ...

Discover the security risks in vibe-coded applications as we uncover over 2,000 vulnerabilities, exposed secrets, and PII ...