Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

AI Rattles Cybersecurity Markets: What Anthropic’s Code Security Actually Does

AI rattled cybersecurity markets after Anthropic launched Claude Code Security. Here’s what actually changed, what didn’t and how leaders should respond.
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
The Hacker News

RoguePilot Flaw in GitHub Codespaces Enabled Copilot to Leak GITHUB_TOKEN

RoguePilot flaw let GitHub Copilot leak GITHUB_TOKEN, while new studies expose LLM side channels, ShadowLogic backdoors, and promptware risks.

Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack

Fintech giant Marquis is suing its firewall provider SonicWall, claiming that an earlier breach with SonicWall allowed hackers to deploy ransomware on Marquis' network.
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

An AI agent nuked 200 emails. This guardrail stops the next disaster

There is a way to let AI agents organize your email, manage your files, and perform other magical tasks without nuking your data. Just ask a coder.