Malicious – NuclearCoffee

Hacker news

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

On Dec 09, 2025 8:53 am, by NuclearCoffee

Dec 09, 2025Ravie LakshmananMalware / Threat Analysis Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer… Continue reading

Hacker news

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

On Dec 04, 2025 12:43 am, by NuclearCoffee

Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and features malicious functionality… Continue reading

Hacker news

Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code

On Dec 03, 2025 10:21 am, by NuclearCoffee

Dec 03, 2025Ravie LakshmananMachine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to execute arbitrary… Continue reading

Hacker news

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

On Dec 02, 2025 10:12 pm, by NuclearCoffee

Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence (AI)-driven security scanners. The… Continue reading

Hacker news

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

On Dec 02, 2025 6:08 pm, by NuclearCoffee

Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX… Continue reading

Hacker news

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

On Nov 11, 2025 3:10 pm, by NuclearCoffee

Nov 11, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to… Continue reading

Hacker news

Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

On Nov 10, 2025 2:46 pm, by NuclearCoffee

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android… Continue reading

Hacker news

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

On Nov 07, 2025 9:30 am, by NuclearCoffee

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence –… Continue reading

Hacker news

Malicious VSX Extension “SleepyDuck” Uses Ethereum to Keep Its Command Server Alive

On Nov 03, 2025 7:56 pm, by NuclearCoffee

Nov 03, 2025Ravie LakshmananCryptocurrency / Threat Intelligence Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry that harbors a remote access trojan called SleepyDuck…. Continue reading

Hacker news

New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL

On Oct 30, 2025 10:14 pm, by NuclearCoffee

Oct 30, 2025Ravie LakshmananBrowser Security / Vulnerability A severe vulnerability disclosed in Chromium’s Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds…. Continue reading

Tag: Malicious

Stay Connected