The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Report: Jazz's Vince Williams Jr. suffers season-ending torn left ACL in collision with Rockets' Tari Eason

The fourth-year guard suffered a seasonending injury following an away-from-the ball bump from Eason that Jazz coach Will ...

Breaking down the chaos after Vinicius Jr alleged he was racially abused by Champions League opponent

There were ugly scenes in Benfica's play-off first leg against Real Madrid as Vinicius Jr alleged racist abuse by Prestianni that he denies ...

Vinicius Jr racism allegations: The protocols, what happens now and possible punishments

Dissecting how allegations of racism are dealt with by football's authorities and what the consequences could be ...