Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities

The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and ...
InfoWorld

Self-propagating worm found in marketplaces for Visual Studio Code extensions

Treat this as an immediate security incident, CISOs advised; researchers say it’s one of the most sophisticated supply chain ...
SecurityWeek

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities

Google has released Chrome 142 to the stable channel with patches for 20 vulnerabilities, including seven high-severity flaws.

Tata Motors Breach Exposed 70TB of Sensitive Data Before Fix

Security researcher Eaton Zveare discovered that two sets of Amazon Web Services keys were left exposed across Tata Motors' ...
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

Visual Studio developers are targeted with a self-propagating worm in a sophisticated supply chain attack through the OpenVSX ...

I am a SAP Expert and here's how AI can defend SAP security better against hackers

There are several prerequisites for AI to be fully effective in SAP security: System hardening: This includes securing ...

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal ...

OpenAI's shiny new Atlas browser might have some serious security shortcomings - and it's not the only one under threat from dangerous spoof attacks

Researchers from browser security firm SquareX found a benign-looking extension can overlay a counterfeit sidebar onto the ...
InfoWorld

Visual Studio Code taps AI for merge conflict resolution

VS Code 1.105 also introduces a built-in MCP server marketplace and allows users to resume recent Copilot Chat sessions.

Google Issues Second Emergency Chrome Security Update in a Week

If you’re among the 3.5 billion people using Google Chrome on Windows, Mac, Linux, or Android, it’s time to pay attention.

Claude Code trojan found in NPM

Supply chain security company Safety has discovered a trojan in NPM that masqueraded as Anthropic’s popular Claude Code AI ...

Claude code will send your data to crims ... if they ask it nicely

"The exploit hijacks Claude and follows the adversaries instructions to grab private data, write it to the sandbox, and then calls the Anthropic File API to upload the file to the attacker's account ...