Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM ...
The Hacker News

Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems

Researchers found a fake Ethereum helper package on crates.io that secretly downloaded OS-specific payloads and executed them on developer machines.
DataBreachToday

Codex Bug Let Repo Files Execute Hidden Commands

OpenAI patched a command injection flaw in its Codex CLI tool that let attackers run arbitrary commands on developer machines ...
CSO Online

RCE flaw in OpenAI’s Codex CLI highlights new risks to dev environments

Researchers found that .env files inside cloned repositories could be used to change the Codex CLI home directory path and ...
SecurityWeek

Microsoft Silently Mitigated Exploited LNK Vulnerability

Microsoft has silently mitigated CVE-2025-9491, a Windows vulnerability exploited to distribute malware via LNK files ...
SecurityWeek

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

OpenAI recently patched a Codex CLI vulnerability that can be exploited in attacks aimed at software developers.

State sponsored hackers have been exploiting this LNK vulnerability for years - and it has only just been patched by Microsoft

The LNK vulnerability was used to launch remote code execution in cyber-espionage, data theft, and fraud attacks.