🔓 AI Dev Tools Hacked & Password Vaults Stolen — What You Need to Know Today
Two stories from today's security news deserve your immediate attention: a supply chain attack targeting millions of developers, and a password manager breach that puts encrypted vaults in attackers' hands.
70 AI Developer Tools Pulled from GitHub After Malware Discovery
Microsoft just took down roughly 70 open source projects from GitHub after discovering they had been infected with malware. The compromised tools were tied to some of the most popular developer platforms in the world — Azure, Claude Code, Gemini CLI, and VS Code. When developers installed or opened these tools, attackers silently captured their passwords and credentials in the background.
Think of it like buying a padlock that secretly makes a copy of your key. The breach appears to stem from an earlier compromise of Microsoft's Durable Task project, suggesting attackers maintained persistent access and struck again. If you're a developer who uses these tools, now is the time to rotate credentials and audit recent activity.
Dashlane Password Vaults Downloaded by Attackers — Here's How It Happened
Dashlane, one of the most widely used password managers, has revealed that attackers were able to register unauthorized devices on fewer than 20 accounts and download users' encrypted password vaults. The attackers exploited Dashlane's device-enrollment process by brute-forcing one-time 2FA codes across thousands of accounts until they found valid tokens.
The good news: the vaults are encrypted and protected with Argon2, a strong hashing algorithm. The bad news: if your master password is weak or reused elsewhere, attackers may be able to crack it offline. Affected users should change their master password and update credentials stored in the vault immediately. This is also a reminder for everyone using a password manager to make sure your master password is long, unique, and something you've never used anywhere else.
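As an added example (not from Dashlane or the original post), here is a detection pass for the pattern described above: one source failing one-time codes against many accounts, and a device enrollment that succeeds right after a burst of failed codes. The log layout, outcome names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. The layout (timestamp, source IP, account, outcome)
# and the outcome names are hypothetical, not Dashlane's real log format.
SAMPLE_LOG = """\
2025-01-01T10:00:00 198.51.100.7 alice otp_fail
2025-01-01T10:00:05 198.51.100.7 bob otp_fail
2025-01-01T10:00:10 198.51.100.7 carol otp_fail
2025-01-01T10:00:15 203.0.113.9 carol otp_fail
2025-01-01T10:00:20 203.0.113.10 carol otp_fail
2025-01-01T10:00:25 203.0.113.11 carol otp_fail
2025-01-01T10:00:30 198.51.100.7 carol otp_fail
2025-01-01T10:00:40 203.0.113.9 carol device_enrolled
2025-01-01T10:05:00 192.0.2.44 dave otp_fail
2025-01-01T10:05:20 192.0.2.44 dave device_enrolled
"""

WINDOW = timedelta(minutes=10)   # look-back window (assumed value)
MAX_FAILS_PER_ACCOUNT = 5        # failed codes before an enrollment is suspect
MAX_ACCOUNTS_PER_SOURCE = 3      # distinct accounts one source may fail against

def parse(log):
    """Turn log text into time-ordered (timestamp, source, account, outcome)."""
    events = []
    for line in log.strip().splitlines():
        ts, src, account, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, account, outcome))
    return sorted(events)

def detect(events):
    """Return alerts for code spraying and for enrollments that follow guessing."""
    fails = defaultdict(list)      # account -> failure times, from any source
    targets = defaultdict(dict)    # source -> {account: time of last failure}
    alerts = []
    for ts, src, account, outcome in events:
        cutoff = ts - WINDOW
        if outcome == "otp_fail":
            fails[account].append(ts)
            targets[src][account] = ts
            recent = [a for a, t in targets[src].items() if t >= cutoff]
            alert = ("source_spraying", src)
            if len(recent) >= MAX_ACCOUNTS_PER_SOURCE and alert not in alerts:
                alerts.append(alert)
        elif outcome == "device_enrolled":
            # Count per account, not per IP: guesses may arrive from many addresses.
            if sum(t >= cutoff for t in fails[account]) >= MAX_FAILS_PER_ACCOUNT:
                alerts.append(("enrolled_after_guessing", account))
    return alerts
```

Calling `detect(parse(SAMPLE_LOG))` flags the spraying source and the enrollment on "carol", while the single mistyped code on "dave" raises nothing.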
Stay ahead of threats like these with GOCO Security at gocosecurity.com.