Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
9to5Google

The X app – you know, Twitter – for Android is on fire, but a fix is coming

Over the past few days, the Twitter/X app for Android has been left with some of its core functions inoperable. Opening links either pops up a menu to choose between two Twitter/X apps, or the link ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...

PocketOS maker says an AI agent “deleted our production database in 9 seconds.”

The details of what happened should be taken with a grain of salt since some of its self-reported by the chatbot, which can be tricky. But according to Jer Crane, a Cursor coding agent running Claude ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.