repositories – NuclearCoffee

Hacker news

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

On Nov 24, 2025 2:26 pm, by NuclearCoffee

Nov 24, 2025Ravie LakshmananCloud Security / Vulnerability Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s… Continue reading

Hacker news

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

On Nov 11, 2025 3:10 pm, by NuclearCoffee

Nov 11, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to… Continue reading

Hacker news

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

On Sep 20, 2025 7:57 am, by NuclearCoffee

Sep 20, 2025Ravie LakshmananSoftware Security / Malware LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced… Continue reading

Hacker news

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

On Sep 12, 2025 6:44 am, by NuclearCoffee

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the… Continue reading

Tag: repositories

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Stay Connected