The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized ...

慢雾:朝鲜黑客利用 VS Code 自动任务植入后门的攻击手法早在 7 个月 ...

吴说获悉,慢雾科技首席信息安全官 @im23pds 发文提醒,近期备受关注的朝鲜黑客针对开发者的攻击方式,其实早在 7 个月前就已出现在 GitHub 仓库“VSCode-Backdoor”中。该攻击手法涉及朝鲜相关人员利用虚假招聘信息引诱开发人员。一旦开发者打开恶意的 VS Code 项目,隐藏任务会自动运行,从 Vercel 获取 JavaScript ...
The Hacker News

North Korea-Linked Hackers Target Developers via Malicious VS Code Projects

North Korean hackers abuse Visual Studio Code task files in fake job projects to deploy backdoors, spyware, and crypto miners ...

Dam Secure raises $6.1 million to tackle AI code security risks

Dam Secure has raised $6.1 million to help enterprises catch security flaws in AI-generated code before it reaches production ...