The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Cryptopolitan on MSN

Malicious packages empty dYdX user wallets

dYdX has been targeted by bad actors using malicious packages to empty its user wallets.
InfoWorld

GlassFish 8 Java server boosts data access, concurrency

Update implements Jakarta EE 11 platform and brings support for Jakarta Data repositories and virtual threads.

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, ...

5 Linux servers that let you ditch the public cloud and reclaim your privacy - for free

5 Linux servers that let you ditch the public cloud and reclaim your privacy - for free ...