The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...

Security News This Week: Password Managers Share a Hidden Weakness

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online ...

How Regulation And Data Collection Are Creating Physical Security Risks

Regulation and leaked identity data are creating new physical security risks for bitcoin holders, as criminals use personal information to enable coercive attacks.