Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
21 articles

#Developer Security

All CosmicBytez Labs articles tagged #Developer Security, across news, security advisories, how-to guides, and projects.

  • NewsJul 16, 2026

    2-Click Cursor Exploit Enables Dev Environment Takeover

    DeepJack: two clicks in Cursor IDE silently installs a malicious MCP server with full user privileges, stealing source code and secrets. Unpatched in July 2026.

  • NewsJul 15, 2026

    Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

    A design flaw in the Cursor AI code editor on Windows executes any file named git.exe found in the root of a cloned project directory — automatically, with no prompt or warning, simply by opening the repository. Malicious repositories can weaponize this to steal SSH keys, cloud tokens, and source code on first open.

  • NewsJul 11, 2026

    Ghost Accounts Abuse GitHub API in Mass Recon Campaign

    Multiple threat campaigns are leveraging disposable 'ghost' GitHub accounts to conduct mass reconnaissance against organizations, systematically mapping...

  • NewsJul 11, 2026

    'Ghostcommit' Hides Prompt Injection in Images to Fool AI Agents and Steal Secrets

    Security researchers have demonstrated 'Ghostcommit,' a technique that embeds prompt injection payloads inside PNG images to bypass AI code review tools...

  • NewsJun 27, 2026

    Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

    Researchers demonstrate how a seemingly clean, scanner-safe GitHub repository can silently execute a malicious payload when an AI coding agent clones and...

  • NewsJun 13, 2026

    NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

    NPM 12 will disable dependency install scripts by default, requiring explicit opt-in—a major shift targeting the supply chain attack vector exploited...

  • NewsJun 5, 2026

    IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

    Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

  • NewsJun 3, 2026

    VS Code Zero-Day Lets Hackers Steal GitHub Tokens in One Click

    A security researcher has released exploit code for a Visual Studio Code zero-day vulnerability that allows attackers to steal GitHub authentication tokens by…

  • NewsJun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…

  • NewsMay 18, 2026

    Developer Workstations Are Now Part of the Software Supply

    Supply chain attackers are no longer just targeting repositories and CI/CD pipelines — they're going after the developer workstations that hold the keys...

  • NewsMay 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • NewsMay 15, 2026

    Popular node-ipc npm Package Compromised to Steal

    Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication npm package, in a new...

  • NewsMay 11, 2026

    TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks

    Supply chain threat actor TeamPCP has struck again, publishing a tampered version of the Checkmarx Jenkins AST plugin to the Jenkins Marketplace — just...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsApr 1, 2026

    Axios NPM Package Breached in North Korean Supply Chain

    A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored versions of the widely used...

  • NewsMar 31, 2026

    Attack on Axios Developer Tool Threatens Widespread

    Security researchers at multiple firms are sounding alarms over a supply chain attack against Axios, an npm package with 100 million weekly downloads....

  • NewsMar 31, 2026

    Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

    Two newly published versions of the widely used Axios HTTP client library — v1.14.1 and v0.30.4 — were found to contain a malicious fake dependency that...

  • NewsMar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • NewsMar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • SecurityMar 13, 2026

    Critical CORS + Path Traversal in TinaCMS CLI Dev Server

    A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...

  • NewsFeb 17, 2026

    Trojanized MCP Server Deploys StealC Infostealer Targeting

    A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...