SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could be exploited to bypass protections against ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...