Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive ...
Cyber Daily

Your developers work for cyber gangs

In-house software built in March with open-source components may include malware placed there by criminals. This isn’t a ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

They thought they were downloading Claude Code source. They got a nasty dose of malware instead

A malicious GitHub repository published by idbzoomh uses the Claude Code exposure as a lure to trick people into downloading ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software packages, to distribute a cross-platform, ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick developers into downloading malware via cloud-hosted links Thousands of ...