Lucene search
K

4 matches found

The Hacker News
The Hacker News
added 2026/06/29 5:36 a.m.62 views

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.20 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
EUVD
EUVD
added 2026/06/02 3:34 p.m.13 views

EUVD-2026-33964

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/09/12 4:49 a.m.16 views

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

A security weakness has been disclosed in the artificial intelligence AI-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default,...

9.3CVSS8.3AI score0.00735EPSS
Exploits3
Rows per page
Query Builder