Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...
Infosecurity Magazine

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Security researchers have uncovered a coordinated campaign designed to steal developers’ AI-related API keys via malicious ...
Decrypt

7 Ways Businesses Are Using Crypto Swap APIs

Real-world case studies show how the best crypto swap APIs help wallets, aggregators, and protocols improve onboarding and ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
CNET

The Netflix Secret Codes That Unlock Every Hidden Genre in the Library

Netflix's hidden genre codes bypass the algorithm entirely and drop you straight into whatever category you're actually in ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Cryptopolitan

Attackers trojanized Arweave’s WeaveDB npm package to deploy malware

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its own. Here's what you can do about it.

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
GitHub

FreeRouter — Free, Self-Hosted AI Model Router

💸 Middleman markup — OpenRouter and similar services charge on top of provider prices Zero markup. Self-hosted, runs locally. You pay providers directly. 🔥 Every message hits your expensive model — ...
Canada

Government of Canada Standards on APIs

Application Programming Interfaces (APIs) are foundational to a modern digital ecosystem. These standards govern how APIs are to be developed across the Government of Canada (GC) to better support ...