SecurityWeek

Mirai Botnet Targets Flaw in Discontinued D-Link Routers

A Mirai botnet has started exploiting CVE-2025-29635, a year-old command injection vulnerability in discontinued D-Link ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
InfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...
Hosted on MSN

AI security tool scans Roblox scripts for hidden threats

A new AI-powered plugin for Roblox Studio, Advanced Anti-Backdoor, analyzes game scripts to detect hidden malicious code such as obfuscated loaders, data theft routines, and self-replicating viruses.