SecurityWeek

Claude Code Flaws Exposed Developer Devices to Silent Hacking

Vulnerabilities in Anthropic’s Claude Code tool could have allowed attackers to silently gain control of a developer’s computer.
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
SecurityWeek

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

Fake CAPTCHA attacks exploded by 563% last year: How to spot them and stay safe online

You might not think of a CAPTCHA check as a cybercrime lure, but if you fall prey to one, you may become infected with malware. Learn how to spot them with our guide.
CSO Online

New Arkanix stealer blends rapid Python harvesting with stealthier C++ payloads

The Arkanix infostealer combines LLM-assisted development with a malware-as-a-service model, using dual language implementations to maximize reach and establish persistence.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...