GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...

Adobe patches CVE-2026-34621 after active exploitation since Dec 2025, preventing remote code execution via malicious PDFs.

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...