The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Hackers are exploiting Anthropic's accidental Claude Code source leak to distribute Vidar and GhostSocks malware through fake ...

Fake Claude Code leak repos on GitHub are pushing Vidar malware at users hunting for Anthropic’s exposed source code.

M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.

In order to spread Vidar information-stealing malware, threat actors are taking advantage of the recent Claude Code source ...

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...

PRT-scan is the second campaign in recent months where a threat actor has leveraged AI for automated targeting of a ...

North Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a ...

The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.