News

CoinDesk1h
XRP Ledger Bug Patched After 'Serious' Flaw Spotted in XRPL Library
The issue only affects versions of Node Package Manager (NPM), a site where developers share reusable code for projects.
Ripple's recommended XRP library xrpl.js hacked to steal wallets
The recommended Ripple cryptocurrency NPM JavaScript library named "xrpl.js" was compromised to steal XRP wallet seeds and ...
Cryptopolitan on MSN11h
XRP Ledger Foundation confirms SDK breach and issues urgent fix
A critical vulnerability has been discovered in the XRP Ledger SDK which allows hackers to insert a backdoor and potentially ...
The Hacker News1h
Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a ...
That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
That massive GitHub supply chain attack that spilled secrets from countless projects? It traces back to a stolen token from a SpotBugs workflow - exposed way back in November, months earlier than ...
Enhancing your DevSecOps with Wazuh, the open source XDR platform
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability ...
GitHub announces agent mode and MCP support now rolling out to all Visual Studio Code users
The largest software code repository on the planet, GitHub, is making its Copilot AI co-developer a whole lot more agentic ...
The Hacker News13d
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
This dramatic increase highlights how the proliferation of non-human identities (NHIs), such as service accounts, microservices, and AI agents, are rapidly expanding the attack surface for threat ...
Gemini could soon let you upload and analyze videos in these formats (APK teardown)
Latest Google app beta reveals more details about the upcoming video support for Gemini's upload and analyze feature.
North Korean hackers are using LinkedIn to entice developers to coding challenges - here's what you need to know
Slow Pisces targets crypto developers with bad code disguised as stock analysis tools Malicious code hides in plain sight, ...