The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
Cryptopolitan

Crypto trading tools under threat from Claude malware

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
XDA Developers on MSN

Your Chrome new tab page is a vibe coding project waiting to happen

The least exciting page in your browser is also the easiest one to vibe-code.

OpenAI to Apple macOS users: Update ChatGPT, Codex and its other apps before May 8 or lose ...

If you use any OpenAI apps on your Mac, here's something you don't want to ignore. OpenAI is requiring all macOS users to ...

LinkDaddy LLC Launches AI Verified to Solve SME Knowledge Graph Exclusion

LinkDaddy LLC, the Florida-registered digital infrastructure company founded by Anthony James Peacock, today announced the ...
Cryptopolitan

Hackers plant 73 sleeper extensions in OpenVSX to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
The Caledonian-Record

Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite ...

AI assistants beyond pilot94% struggle with multi-tool complexity as AI risks expand across email, cloud, collaboration, and AI systems ...