InfoQ

Vercel Releases React Best Practices Skill with 40+ Performance Rules for AI Agents

Vercel has launched "react-best-practices," an open-source repository featuring 40+ performance optimization rules for React and Next.js apps. Tailored for AI coding agents yet valuable for developers ...
Bleeping Computer

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and ...
PCGamesN

Minecraft modding is about to change forever as Mojang announces huge Java Edition news

Mojang has dropped some huge news for Minecraft Java players - especially those that love to mod. While the modding scene is already thriving in Minecraft, it's not as accessible as you'd expect for ...
The Patriot Ledger

Unexpected package at your door? Officials say it could be a scam

Have you ever received an unexpected package in the mail? It may not be a gift – you could be the victim of a brushing scam, according to the United States Postal Inspection Service. A brushing scam ...
Bleeping Computer

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's server. The package, masquerading as a utility library, leverages this innovative ...
WGAL

Chambersburg police and FBI warn of QR code scam involving unsolicited packages

WGAL NEWS EIGHT. POLICE IN CHAMBERSBURG IN THE FBI WANT YOU TO BE ON ALERT FOR A SCAM INVOLVING UNSOLICITED PACKAGES AND QR CODES. THEY SAY THIS IS A VARIATION OF A BRUSHING SCAM. THE FBI SAYS ...
TechRepublic

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week Your email has been sent An attack targeting the Node.js ecosystem was just identified ...
Fox News

FBI warns of QR code scam disguised in mystery packages

QR codes that were once seen as a convenient shortcut for checking menus or paying bills have increasingly been turned into weapons. Fake delivery texts, counterfeit payment links and malicious codes ...
Krebs on Security

18 Popular Code Packages Hacked, Rigged to Steal Crypto

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...
Forbes

Do Not Scan These Package QR Codes, FBI Warns

You have been warned — do not scan here. An “impossible” to detect smartphone threat is now surging, with a new warning that more than 4 million attacks were observed “in the first half of 2025 alone.
Santa Rosa Press Democrat

Don’t scan QR codes on unsolicited packages delivered to your house, FBI warns

The FBI is warning people of a new scam involving fake packages with QR codes designed to steal data. If people scan the code on a package they were not expecting, it prompts them to provide personal ...