The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

A popular npm package for OpenAI Codex with 29,000 weekly downloads has been stealing developer authentication tokens for a month. The same credential-theft chain also ran through two Android apps ...
VentureBeat

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised ...
The Hacker News

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, ...
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based ...
GitHub

An advanced developer sandbox for dynamically loading, isolating, and interacting with other Datacore components using live prop injection.

Views Inceptions is a comprehensive developer tool built as an isolated sandbox for testing, executing, and previewing any component within your Obsidian vault. It resolves files matching component ...
GitHub

devkit — In-game developer debug menu for Qbox servers

A standalone in-game developer debug and resource management menu for FiveM servers. Scans a configurable resource folder and provides a UI to manage, test and debug resources without leaving the game ...