#secrets-exfiltration
#secrets-exfiltration

[ follow ]

Shai-Hulud 2.0's impact appears vast as NPM ecosystem struggles to cope

A widespread NPM supply-chain campaign, Shai-Hulud 2.0, exfiltrated hundreds of thousands of secrets, reused valid tokens, and added destructive functionality targeting development environments.

Information security

fromTheregister

3 months ago

AWS patches Q Developer after prompt injection, RCE demo

Amazon fixed prompt-injection and RCE-capable vulnerabilities in the Amazon Q Developer VS Code extension by updating the language server and adding human-in-the-loop approval.

[ Load more ]

#secrets-exfiltration#secrets-exfiltration

Shai-Hulud 2.0's impact appears vast as NPM ecosystem struggles to cope

AWS patches Q Developer after prompt injection, RCE demo

#secrets-exfiltration
#secrets-exfiltration