The Register on MSN

Fake 'interview' repos lure Next.js devs into running secret-stealing malware

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...
The Next Web

When malware learns to think

PromptSpy, discovered by ESET, is the first known Android malware to integrate generative AI into its execution flow.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

Enterprise use of open source AI coding is changing the ROI calculation

Open source has always had issues, but the benefits outweighed the costs/risks. AI is not merely exponentially accelerating tasks, it is disproportionately increasing risks.
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...
IEEE

MALPRE: Malware Protocol Reverse Engineering through Code Slicing and Agentic Workflow

Abstract: Clarifying malware communication protocols is critical for enhancing system security. Existing protocol reverse engineering (PRE) methods lack effective strategies, failing to recover ...
CSOonline

AI-powered polymorphic attack lures victims to phishing webpages

AI-fueled attacks can transform an innocuous webpage into a customed phishing page. The attacks, revealed in a research from Palo Alto Networks’ Unit 42, are clever in how they combine various ...