「TypeScript 6.0」が正式リリース ~「TypeScript 7.0」も数カ月以内に ...

米Microsoftは3月23日(現地時間)、「TypeScript 6.0」を正式リリースした。現在、パッケージ管理システム「npm」からインストール可能。 +---------------------------+ ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Visual Studio Magazine

TypeScript 6.0 Ships as Final JavaScript-Based Release, Clears Path for Go-Native 7.0

Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, ...
ScanNetSecurityOpinion

サイバー犯罪の無限ループ 産業化したサプライチェーン攻撃

「攻撃者がサプライチェーン攻撃を好み、それを産業化したのは、サプライチェーンへの攻撃がスケールメリットを生み、被害拡大の速度も速く、なおかつ正規の経路を使うためにバレにくいからだ。上流での単一の侵害が、今やその産業全体に波及する可能性すらある。ことが ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

TypeScript 6.0 is ready: On the way to Go-based TypeScript 7.0

The last release with a JavaScript codebase is ready. From version 7, the compiler and language service will be written in ...

JetBrains、「IntelliJ IDEA」のJavaScript/TypeScript/HTML/CSSコア機能を無償化 ...

チェコのJetBrainsは3月19日(現地時間)、統合開発環境「IntelliJ ...
The Hacker News

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

GlassWorm uses Solana and Google Calendar dead drops to deliver RAT stealing browser data and crypto wallets, impacting ...