InfoWorld

Malicious npm package sneaks into GitHub Actions builds

The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
CSO Online

November Patch Tuesday: Zero day Windows kernel flaw in servers, controllers, and PCs

Also of importance are a Kerberos vulnerability in Active Directory, a Visual Studio Copilot extension, and a Microsoft ...
The Hacker News

Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...