Popular Topics

Topics

About

Policies

Our Network

More

Cybercrime

Cybercrime | News, how-tos, features, reviews, and videos

Latest from today

news
Image

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace checks and silently installing malware onto developers’ systems.

By Shweta Sharma
3 mins
CybercrimeDevelopment ToolsMalware
news
Image

Microsoft warns of job‑themed repo lures targeting developers with multi‑stage backdoors

By Shweta Sharma
3 mins
CareersDeveloperMalware
news
Image

New npm worm hits CI pipelines and AI coding tools

By Shweta Sharma
3 mins
Development ToolsMalwareSecurity
news

Crooks are hijacking and reselling AI infrastructure: Report

By Howard Solomon
7 mins
Artificial IntelligenceCybercrimeVulnerabilities
news

OpenAI admits data breach after analytics partner hit by phishing attack

By John E. Dunn
5 mins
APIsCyberattacksData Breach
news

North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes

By Shweta Sharma
3 mins
Development ToolsMalwareSecurity
news

Malicious npm package sneaks into GitHub Actions builds

By Shweta Sharma
4 mins
CybercrimeDeveloperMalware
news

How GlassWorm wormed its way back into developers’ code — and what it says about open source security

By Taryn Plumb
6 mins
CybercrimeDevelopment ToolsMalware
news

Malicious npm packages contain Vidar infostealer

By Howard Solomon
6 mins
CybercrimeDevelopment ToolsMalware

Articles

news

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain attacks they’ve seen, and it’s spreading.

By Howard Solomon
Oct 21, 2025 8 mins
CybercrimeDevelopment ToolsMalware
news

Threat actors are spreading malicious extensions via VS marketplaces

Report from Wiz also says developers are uploading extensions that include access tokens and other secrets.

By Howard Solomon
Oct 17, 2025 9 mins
CybercrimeDevelopment ToolsMalware
news

QR codes become the vehicle for malware in new technique

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially hiding in plain sight in embedded QR codes.

By Taryn Plumb
Sep 23, 2025 4 mins
Development ToolsMalwareVersion Control Systems
opinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we depend on than isolated guardrails.

By Matt Asay
Sep 22, 2025 7 mins
CyberattacksOpen SourceSecurity Practices
news

Google to add developer verification requirement for Android apps

Scheduled for rollout starting in September 2026, the program aims to restrict malware distribution by requiring developer verification for apps installed on Android devices.

By Paul Krill
Sep 2, 2025 2 mins
MalwareMobile DevelopmentMobile Security
news

Supply chain attack compromises NPM packages to spread backdoor malware

Phishing attacks on package maintainer accounts led to infected JavaScript type testing utilities.

By John E. Dunn
Jul 24, 2025 1 min
EngineerMalwareOpen Source
news

GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos

Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising fresh alarms for OSS supply chain security.

By Shweta Sharma
Jun 20, 2025 1 min
EngineerMalwareSecurity
news

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection.

By Shweta Sharma
Jun 17, 2025 1 min
EngineerMalwarePython
news

Warning to developers: Stay away from these 10 VSCode extensions

Malicious extensions that install a cryptominer were released just as the weekend started.

By Howard Solomon
Apr 7, 2025 1 min
Development ToolsEngineerMalware
news

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

By Gyana Swain
Mar 19, 2025 5 mins
Build AutomationData BreachEngineer
news

Thousands of open source projects at risk from hack of GitHub Actions tool

Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.

By Howard Solomon
Mar 17, 2025 5 mins
Data BreachVersion Control SystemsVulnerabilities
news

Large language models hallucinating non-existent developer packages could fuel supply chain attacks

LLMs could be exploited to launch waves of “package confusion” attacks, first major study into package hallucination finds.

By John E. Dunn
Sep 30, 2024 5 mins
CyberattacksGenerative AISoftware Development
View all

Resources

whitepaper

Timely trends and advice for Financial Services IT leaders for AI success

Join us for this webinar from Elastic, featuring a guest speaker from IDC, where a pair of experts will outline market trends for AI in financial services.

The post Timely trends and advice for Financial Services IT leaders for AI success appeared first on Whitepaper Repository -.

By Elastic
19 Mar 2026
Artificial IntelligenceBusiness OperationsDigital Transformation
Image
whitepaper

Getting Data Fit for AI – How Pentaho Intelligent Data Optimization Cuts Costs and Accelerates AI Readiness

By Pentaho
19 Mar 2026
Artificial IntelligenceData ManagementRisk Management
Image
whitepaper

The Data Discipline Playbook for the AI Era

By Pentaho
19 Mar 2026
Artificial IntelligenceData ManagementRisk Management
Image
View all