News

The Hacker News18h

Malicious Nx Packages in 's1ngularity' Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts.
WinBuzzer19h

OpenAI Supercharges Codex AI Coding Agent With IDE Integration, GPT-5 Power, and GitHub Reviews

OpenAI has updated its Codex AI coding agent with a new VS Code extension, GPT-5 power, and automated GitHub pull request reviews for a unified developer experience.
The Hacker News11h

Researchers Find VS Code Flaw Allowing Attackers to Republish Deleted Extensions Under Same Names

VS Code flaw lets attackers reuse deleted extension names, enabling ransomware payload delivery and supply chain risks.
Infosecurity Magazine16h

Malicious VS Code Extensions Exploit Name Reuse Loophole

Visual Studio Code extensions have been identified exploiting a loophole that allows reuse of names from removed packages ...
InfoWorld12h

Wave of npm supply chain attacks exposes thousands of enterprise developer credentials

Attacks on the NX build system and React packages highlight escalating threats to enterprise software development pipelines.