Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
InfoQ

VoidZero Announces Oxfmt Alpha with Rust-Powered Performance and Prettier Compatibility

VoidZero has unveiled Oxfmt, a cutting-edge Rust-based code formatter that offers over 30x faster performance than Prettier ...
InfoWorld

JetBrains IDEs integrate OpenAI Codex

OpenAI’s most advanced agentic coding model is natively integrated into JetBrains AI chat in the 2025.3 version of IntelliJ, ...
Dark Reading

'Contagious Interview' Attack Now Delivers Backdoor Via VS Code

Once trust is granted to the repository's author, a malicious app executes arbitrary commands on the victim's system with no ...
SecurityWeek

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean hackers target macOS developers with malware hidden in Visual Studio Code task configuration files.

NotificationX WordPress WooCommerce Plugin Vulnerabilities Impact 40k Sites

An advisory was issued for a WordPress plugin vulnerability that can enable unauthenticated attackers to inject malicious ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.