Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
GitHub

Burp Suite extension that mutates ciphers to bypass TLS-fingerprint based bot detection

The extension modifies network settings during brute force attacks. It is not recommended to use this extension concurrently with other active scans.
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...
CSO Online

AI-powered polymorphic attack lures victims to phishing webpages

A new breed of malware uses various dynamic techniques to avoid detection and create customized phishing webpages.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a malicious ‘.npmrc’ can override the git binary path, leading to full code ...
GitHub

kubetail-org/fancy-ansi

Failure to parse some of our users' ANSI markup Use of hard-coded styles that made customization more difficult Lack of support for CSS variables To solve these problems and make something that ...