An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...

What's new? GitHub launched the MCP registry to list MCP servers for Copilot, AI agents and tools; it supports one click ...

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

CodeRabbit's $60M funding highlights enterprise need for AI code review platforms, with organizations seeing 25% efficiency ...

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

In a similar style to the Nx attack, the payload then publishes a new repo via the victim's GitHub account, dropping stolen ...

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

MEM Agent combines privacy, local memory, and AI integration to streamline workflows while keeping your data safe and secure ...

GPT-5-Codex now extends this unified setup with deeper engineering capabilities — even running "independently for more than 7 ...