Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
Visual Studio Magazine

Hands On with New Multi-Agent Orchestration in VS Code

Multi-agent orchestration makes workflow more inspectable, with clear handoffs and a QA backstop. Breaking the work into discrete steps makes the output easier to audit and fix. A timestamped handoff ...
Bleeping Computer

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
InfoWorld

Easier Chrome browser automation with PyDoll

Overview The PyDoll library for Python automates actions in Chrome browsers and their cousins (like Microsoft Edge) without plugins, by using Chrome's own native automation APIs. See in this video how ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
ExtremeTech

Microsoft Fixes Windows 11 Bug That Let Attackers Run Remote Code in Notepad

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...