Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...

Come for the coding test, stay for the C2 traffic Next.js developers are once again in the crosshairs as hackers seed ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Memphis Light, Gas, and Water identified the cause of the water main break on Sunday, as work downtown continues through the weekend. According to MLGW, a "vintage pipe from the early 1900s" was the ...