開発者が日常的に使うツールが、最も危険な侵入口になった。GitHubの内部リポジトリが5月18日、不正アクセスを受け、2日後にハッカーグループ「TeamPCP」が、盗んだソースコードをサイバー犯罪フォーラムに売りに出した。侵入口となったのはVS Code拡張機能だ。開発者ツールを悪用した連鎖攻撃で、既存のセキュリティツールでは検知できない“ゼロCVEの死角”を突く――。新しい攻撃の形が、開発者エコ ...

Solidity remains the dominant smart contract language for Ethereum and EVM-compatible chains, with the 2025 developer survey collecting responses from developers across eighty-seven different ...

When the World Wide Web surged into existence during the 1990s, we were introduced to the problem of how to actually find ...

Microsoft warns of a new zero-day vulnerability that leaves Exchange open to hackers.

Microsoft Threat Intelligence said attackers placed malicious code inside a Mistral AI download distributed through a Python ...

Microsoft says attackers compromised the mistralai PyPI package with malware that executed on import, while researchers link ...

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

The University of Toronto, the University of British Columbia and the University of Alberta are among the largest Canadian ...

オープンソースのJavaScript HTTPクライアント「Axios」に不正なコードが仕込まれたサプライチェーン攻撃。発端となったソーシャルエンジニアリングの手口が明らかになったことで、標的はAxiosにとどまらず、オープンソースエコシステムを狙った攻撃が他にも多発している実態が浮かび上がった。

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...