Security · 2h ago
Hijacked npm and Go Packages Deploy Python Info Stealer via VS Code Tasks
Researchers at JFrog discovered two hijacked npm packages and a cluster of Go packages that install a Python-based information stealer on Windows, Linux, and macOS. The attack sidesteps npm lifecycle scripts to evade detection and continues to work under npm v12 security measures. The malware targets credentials and sensitive data on compromised systems.
Meridian48 take
The use of VS Code tasks as an execution vector highlights how attackers adapt to platform security changes, making this a notable evolution in supply chain attacks.
Read the full reporting
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer →
The Hacker News
supply-chain-attack, python-infostealer