CSOonline

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...
Bleeping Computer

Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
GitHub

Breakpoint Debugging Time Vortex Analyzer

A Clarity smart contract system that tracks and analyzes developer debugging patterns, time expenditure, and problem-solving behaviors on the Stacks blockchain. The Breakpoint Debugging Time Vortex ...
GitHub

LeonSGP43/Claude-code-ChatUI

⚠️ Important Version Notice (Updated 2025.11.05): Claude Code official has released v2.0.33, which can be directly installed using methods compatible with v1.0.48. We recommend using v2.0.33 with ...