Tag: security
Threat campaign fooling developers in GitHub repos
A threat campaign has been targeting software developers through GitHub repos that, at first glance, look completely legitimate. Security researchers from ReversingLabs found over 60 GitHub repos containing what appeared to be ordinary hacking tools written in Python. But, look a bit closer – or rather, scroll a bit further right – and you’d find…
JavaScript packages hide ‘protestware’ against Russian users
Security researchers from Socket have stumbled upon a digital booby trap set for Russian-language users within JavaScript packages. The researchers found two npm packages – with the rather innocuous names @link-loom/ui-sdk and @link-loom-react-sdk – that look normal on the surface. They’re designed to help developers create nice-looking pop-up notifications in web applications. Yet, beneath this…
Future of development or risky shortcut?
So-called “vibe coding” is both exciting and a little unnerving—it’s a shift away from the painstaking, line-by-line grind of traditional coding towards something more fluid and conversational. The idea behind vibe coding is that you can collaborate with an AI, describe what you want, and watch as it constructs a working application. It promises a…
Former NFL star Antonio Brown is wanted for attempted murder
A warrant has been issued for the arrest of former NFL superstar Antonio Brown stemming from an altercation outside a celebrity kickboxing event last month in Miami. Brown is charged with the first-degree felony of attempted second-degree murder with a firearm. A judge from the 11th Judicial Circuit in Miami-Dade County signed the warrant Wednesday….
A nonprofit service with premium performance
Proton VPN stands out for two main reasons: it’s one of the only virtual private networks (VPNs) to include a free plan with no data limits, and it’s one of the few services majority-owned by a nonprofit. It’s the best VPN in both of those categories, and it makes a strong case for being the…
ICE agents will be providing ‘security’ for the FIFA Club World Cup in Miami
Confusion surrounds the FIFA Club World Cup set to kick off in Miami this weekend after the Department of Customs and Border Protection (CBP) and ICE announced they would be providing “security” for the event. Inter Miami is poised to face Al-Ahly Sporting Club from Egypt on Saturday night, and it’s unclear who (if anyone)…
Veracode unravels 12-layer npm attack to find RAT
Security researchers at Veracode, during their routine monitoring of the open-source world, stumbled upon two seemingly harmless software packages on the popular npm repository. However, when they looked inside, they weren’t greeted with code; instead, they faced a wall of Unicode characters, predominantly in Japanese Katakana and Hiragana. “What started as an investigation into a…
Fast speeds and a low learning curve
ExpressVPN is good at its job. It’s easy to be skeptical of any service with a knack for self-promotion, but don’t let ExpressVPN’s hype distract you from the fact that it keeps its front-page promise of “just working.” Outside of solid security, the two best things ExpressVPN offers are fast speeds and a simple interface….
Package lurking in npm for six years waits to destroy your work
Socket’s threat researchers have uncovered a package lurking in npm for six years that awaits a remote command to wipe projects. The culprit? A package called xlsx-to-json-lh, which mimics the legitimate xlsx-to-json-lc package. Notice the difference? Just one letter separates them, a ‘h’ instead of a ‘c’ – an easy mistake for even careful developers…