Computing

Lazarus Group hiding malware in GitHub and open-source packages

A North Korean hacking group has been identified as using malicious Javascript implants to steal cryptocurrency. North Korea’s Lazarus Group is carrying out a new cyberattack campaign that targets ...

Node.js: Updated versions patch high-risk security vulnerabilities

Several security vulnerabilities, some classified as high-risk, have been discovered in the popular JavaScript runtime ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.