Dashlane explains how attackers managed to download encrypted password vaults

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
Infosecurity Magazine

North Korean Hackers Use Fake Coding Tasks to Steal Crypto

To reach protected secrets, the macOS and Linux versions show a fake password dialog, then reuse the captured password to ...
The Hacker News

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Debug flag disabled Microsoft 365 Android token checks, letting untrusted apps access accounts; patches issued May 12 to ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
WinBuzzer

VS Code Exploit Can Steal GitHub Tokens via github.dev

A VS Code exploit for github.dev can steal GitHub OAuth tokens after one malicious link, exposing private repositories while teams await a patch.