AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.
MIT Technology Review

The Download: AI’s role in the Iran war, and an escalating legal fight

Much of the spotlight on AI in the Iran conflict has focused on models like Claude helping the US military decide where to ...
theregister

Indie web browser Ladybird flutters toward Rust with a little help from AI

The independent Ladybird web browser project is changing course on its choice of programming languages, with LLM-based coding assistants helping to evaluate the shift. The latest blog post from the ...
Bleeping Computer

GhostPoster attacks hide malicious JavaScript in Firefox addon logos

A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
SecurityWeek

Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware

The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns. Visual Studio developers are targeted with a self-propagating worm in a ...
TechSpot

Breach of npm threatens billions of weekly downloads in JavaScript ecosystem

What the Script: Supply chain attacks are traditionally designed to inflict maximum damage on structured organizations or companies. However, when such an attack compromises a supply chain that an ...
blockonomi

JavaScript Libraries with 2 Billion Weekly Downloads Targeted in Crypto Theft Attempt

18 popular NPM packages with over 2 billion weekly downloads were compromised through a phishing attack targeting developer “Qix” The malware functioned as a “crypto-clipper,” silently replacing ...
ZDNet

How to use ChatGPT to write code - and my top trick for debugging what it generates

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
WBUR

'The Interpreter' explores the reality of children acting as 'language brokers' for their parents

Bridging language gaps between families is a reality for a lot of children of immigrants in America. According to the U.S. Census Bureau, an estimated 11 million children in the U.S. act as ...
The Connecticut Mirror

Lack of ASL Interpreters

Kim Silva (right) recounts the story of how she “thought she was going to die” from complications during a hospital visit during which a sign language interpreter was not available. John (left), her ...