Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

Malicious AI extensions on VSCode Marketplace steal developer data

Marketplace that were collectively installed 1.5 million times, exfiltrate developer data to China-based servers.
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Lubbock Avalanche-Journal

City of Lubbock restores websites after finding 'potentially malicious code' on computer

The City of Lubbock announced that it has fully restored its websites a week after it took those sites offline due to a "potential security concern." On Tuesday, the City of Lubbock said that on Aug.
TechCrunch

Ox Security lands a fresh $60M to scan for vulnerabilities in code

As “vibe coding” gains in popularity and tech companies push devs in their employ to embrace generative AI tools, a platform that scans for vulnerabilities in AI-generated code has raised a fresh ...