All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

@withgoogle/stitch-sdk: Scope Squat Harvests Developer Credentials

A malicious npm package squats the @withgoogle scope to impersonate Google Stitch, silently harvesting credentials from Claude Code, git, GitHub CLI, SSH keys, npm, and Docker on install.

Read the full article
20d ago

You might also wanna read

npm malware targeting Claude users leaks own GitHub token, reaches 676 downloads

Script kiddies these days

theregister.com·1mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor

aikido.dev·3mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor

aikido.dev·3mo ago

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories

Infosecurity Magazine - Information Security & IT Security News and Resources·1mo ago

Open-Source Repo Plants Auth Bugs to Test Whether AI Coding Agents Can Catch Them

A developer tool called FetchSandbox has published an open-source GitHub repository containing intentionally planted security vulnerabilitie

ShortSingh·13h ago

Post-mortem Analysis of @ctrl/tinycolor npm Supply Chain Attack via GitHub Actions

Lessons learned from becoming the unexpected face of a npm supply-chain attack.

sigh.dev·9mo ago

Undocumented Claude Code Features Revealed Through Source Code Analysis

Hook fields that rewrite commands mid-flight, persistent agent memory, auto-mode rules in plain English, self-improving dream loops, and eve

buildingbetter.tech·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.