GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB JavaScript source map intended only for internal ...
Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...
The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
1d
Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware
Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installer ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, impacting multiple OS.
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
13d
Polymarket is banned in Ontario. Flyers advertising it were handed out outside a Jays game anyway
Flyers promoting U.S.-based prediction market platform Polymarket were distributed outside the Rogers Centre during the ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results