13 articles

#Developer Security

All CosmicBytez Labs articles tagged #Developer Security, across news, security advisories, how-to guides, and projects.

  • News | Jun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a legitimate remote web UI tool, silently exfiltrating authentication tokens to attacker-controlled servers via postinstall hooks.

  • News | May 18, 2026

    Developer Workstations Are Now Part of the Software Supply

    Supply chain attackers are no longer just targeting repositories and CI/CD pipelines — they're going after the developer workstations that hold the keys...

  • News | May 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • News | May 15, 2026

    Popular node-ipc npm Package Compromised to Steal

    Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication npm package, in a new...

  • News | May 11, 2026

    TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks

    Supply chain threat actor TeamPCP has struck again, publishing a tampered version of the Checkmarx Jenkins AST plugin to the Jenkins Marketplace — just...

  • News | Apr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • News | Apr 1, 2026

    Axios NPM Package Breached in North Korean Supply Chain

    A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored versions of the widely used...

  • News | Mar 31, 2026

    Attack on Axios Developer Tool Threatens Widespread

    Security researchers at multiple firms are sounding alarms over a supply chain attack against Axios, an npm package with 100 million weekly downloads....

  • News | Mar 31, 2026

    Axios Supply Chain Attack Pushes Cross-Platform RAT via

    Two newly published versions of the widely used Axios HTTP client library — v1.14.1 and v0.30.4 — were found to contain a malicious fake dependency that...

  • News | Mar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • News | Mar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • Security | Mar 13, 2026

    Critical CORS + Path Traversal in TinaCMS CLI Dev Server

    A critical CVSS 9.6 vulnerability in TinaCMS prior to 2.1.8 combines a permissive CORS policy with a path traversal flaw, enabling a remote attacker to...

  • News | Feb 17, 2026

    Trojanized MCP Server Deploys StealC Infostealer Targeting

    A SmartLoader campaign distributes a trojanized Model Context Protocol (MCP) server disguised as Oura Health's legitimate tool, deploying StealC...