Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
Dark Reading

China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

In two separate campaigns, attackers used the JScript C2 framework to target Chinese gambling websites and Asian government ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.
GitHub

Advent of Code 2024

Advent of Code is a globally celebrated annual programming challenge that takes place from December 1st through December 25th. Each day during this period, a brand-new puzzle is unveiled, designed to ...

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a malicious ‘.npmrc’ can override the git binary path, leading to full code ...
GitHub

kubetail-org/fancy-ansi

Failure to parse some of our users' ANSI markup Use of hard-coded styles that made customization more difficult Lack of support for CSS variables To solve these problems and make something that ...