Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.
TechBooky

GitHub Expands AI Security Detections Across More Languages

GitHub is adding AI-powered security detections to its Code Security offering, aiming to catch more vulnerabilities across a ...

JetBrains、「IntelliJ IDEA」のJavaScript/TypeScript/HTML/CSSコア機能を無償化

チェコのJetBrainsは3月19日(現地時間)、統合開発環境「IntelliJ IDEA」でJavaScriptおよびTypeScriptの中核機能を無償化すると発表した。これまで「Ultimate」サブスクリプションだけに含まれていたJavaScript、TypeScript、HTML、CSSの機能を「IntelliJ IDEA 2026.1」より無料で提供する。
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.

Waratek Redefines Secure Development with Launch of Waratek IAST at JavaOne 2026

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...