GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate ...

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

A surfing competition was thrown into chaos after a photographer was bitten in the water, triggering fears of a shark attack.

A Distributed Denial of Service (DDoS) attack recently targeted BridgeMind’s API, flooding it with millions of requests and disrupting services. To mitigate the issue, the team relied on Claude Code, ...

A sneaky IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones ...

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...