The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
TL;DR: Titus is an open source secret scanner from Praetorian that detects and validates leaked credentials across source code, binary files, and HTTP traffic. It ships with 450+ detection rules and ...
A new malware is circulating in the npm ecosystem, stealing credentials and CI secrets and spreading autonomously.
In this article, we will explore the hot topic of securing AI-generated code and demonstrate a technical approach to shifting ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
A self-replicating npm worm dubbed SANDWORM_MODE hits 19+ packages, harvesting private keys, BIP39 mnemonics, wallet files and LLM API keys from dev environments.
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how ...
Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files ...
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results