Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with running a seemingly benign GitHub repository could execute a malicious payload that is ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Engadget

Mastodon was hit by a 'major' DDoS attack that briefly took down parts of the service

Mastodon seems to be recovering after a Distributed Denial of Service (DDoS) attack that took down its primary mastodon.social instance. As TechCrunch notes, the platform began reporting issues early ...
TechCrunch

Mastodon says its flagship server was hit by a DDoS attack

Mastodon’s flagship server was hit by a distributed denial-of-service attack on Monday, the social networking software maker said, which rendered the instance ...
TechRepublic

Bluesky Outage: Coordinated Traffic Attack Causes Widespread Errors

Bluesky’s DDoS attack caused outages for a second day, disrupting feeds, notifications, and search across the platform. If Bluesky has been acting up lately, you’re not alone. Feeds won’t load.
TechCrunch

European police email 75,000 people asking them to stop DDoS attacks

A coalition of global law enforcement agencies have sent emails to more than 75,000 alleged cybercriminals who paid for a service to launch cyberattacks that can knock websites offline. On Thursday, ...
Krebs on Security

Feds Disrupt IoT Botnets Behind Huge DDoS Attacks

The Justice Department said the Department of Defense Office of Inspector General’s (DoDIG) Defense Criminal Investigative Service (DCIS) executed seizure warrants targeting multiple U.S.-registered ...
GitHub

Parametized DDOS Python Script

This is an updated version of our DDOS script written in Python incorporating Selenium ran in command line. It allows us to simulate DDoS attacks through single IP and multiple-IP (IP spoofing) ...