Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Microsoft

Typosquatted npm packages used to steal cloud and CI/CD secrets

Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
The New York Times

Trump’s Self-Indulgence Deepens G.O.P. Fears in Midterms

“The stupid stuff is killing our chances,” said a retiring Republican senator. “The stupid stuff is killing our chances,” said a retiring Republican senator. President Donald Trump.Credit...Anna Rose ...
VentureBeat

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed on May 20 that a poisoned VS Code extension installed on an employee’s device gave attackers access to roughly 3,800 internal repositories at the Microsoft-owned code storage and ...
The Next Web

GitHub confirms hackers stole thousands of internal code repositories after employee ...

GitHub confirmed that the cybercrime group TeamPCP exfiltrated roughly 3,800 internal code repositories after compromising an employee device through a poisoned VS Code extension. The Microsoft-owned ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub ...
Infosecurity-magazine.com

GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension

The Microsoft-owed software developer platform, GitHub, has confirmed a third-party has gained unauthorized access to 3800 internal repositories. The breach was detected on May 19 and likely comes ...
Windows Report

Report: Microsoft “Winding Down” Claude Code Use Internally in Favor of GitHub Copilot CLI

Microsoft appears to be gearing up to change the way engineers within the company use its AI coding tools, with a new report hinting that Microsoft is reducing reliance on Anthropic’s Claude Code in ...
The Verge

Microsoft starts canceling Claude Code licenses

Thousands of Microsoft developers will use GitHub Copilot CLI instead Thousands of Microsoft developers will use GitHub Copilot CLI instead is a senior correspondent and author of Notepad, who has ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Cybersecurity vendor Trellix published a terse statement last Friday, disclosing that a threat actor recently gained unauthorized access to "a portion of our source code repository." Trellix did not ...