The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
CSO Online

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
GitHub

florianbuetow/py-file-deduplication

Dev Notes All Python execution uses uv run, never python directly All tasks use just <target>, never running scripts directly The test suite includes end-to-end tests that create real files on disk, ...
GitHub

A blockchain library built from scratch in Rust. Learn blockchain internals by building them.

ScrapyChain is a modular blockchain library that implements core blockchain primitives from the ground up. It's designed to be a hands-on exploration of how blockchains actually work under the hood: ...