News

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious ...
CSO Online1h

Docker malware breaks in through exposed APIs, then changes the locks

The new variant of Docker-targeting malware skips cryptomining in favor of persistence, backdoors, and even blocking rivals ...
CSO Online6h

AI prompt injection gets real — with macros the latest hidden threat

Attackers are evolving their malware delivery tactics by weaponing malicious prompts embedded in document macros to hack AI ...