Security vulnerabilities and alerts
View All Tags
A critical security vulnerability has been identified in OpenAI Codex: an attacker can bypass permission validation and achieve remote code execution (RCE) simply by inducing a user to open a folder.
VULNERABILITY ALERTS
Security researchers have detected a large-scale supply chain attack on the official npm registry orchestrated by the North Korean-linked threat group **FAMOUS CHOLLIMA** (also known as LabP2P). The group released at least **26 malicious packages** masquerading as legitimate development tools. These packages utilize `install.js` scripts to automatically trigger Remote Access Trojans (RATs) upon installation, aiming to exfiltrate developers' SSH keys, Git repositories, browser credentials, and sensitive clipboard data.
VULNERABILITY ALERTS