7 articles tagged with "Developer Security"
Socket researchers identify 73 malicious VS Code extensions on Open VSX tied to GlassWorm campaign. Six already activated to deliver malware through native binaries and obfuscated JavaScript.
GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.
Contagious Interview campaign weaponizes fake job interviews to deploy OtterCookie and FlexibleFerret malware. Targets crypto and AI developers for credentials.
GlassWorm supply chain attack spreads via 72 Open VSX extensions using invisible Unicode obfuscation. Targets crypto wallets, API tokens, and CI/CD pipelines.
Researchers discovered five packages on crates.io masquerading as time utilities while exfiltrating developer credentials and API keys to attacker infrastructure.
Supply chain attack targets PHP developers via fake Laravel utilities containing encrypted RAT payload. The malware gains full access to database credentials and API keys.
Microsoft uncovers developer-targeting campaign using fake coding assessments to deliver JavaScript backdoors through VS Code automation triggers and Vercel-hosted payloads.