Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Ever wonder why packaging a Python app and its dependencies as a single executable is such a pain? Blame it on the dynamism ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Hackers are exploiting a recent accidental source code leak from Anthropic to spread Vidar infostealer malware via fake GitHub repositories. These malicious sites have even managed to appear in top ...

Hackers exploit Claude Code leak with fake GitHub repos Malicious files deploy Vidar infostealer and GhostSocks proxy malware Anthropic faces rising scrutiny amid recent vulnerabilities and rapid ...

Anthropic accidentally exposed the source code for Claude Code via an npm package. The leak included around 513,000 lines of unobfuscated TypeScript code across 1,906 files. The exposed code quickly ...

CertiK has advised ordinary users “who are not security professionals, developers, or experienced geeks” against installing and using OpenClaw. The widespread integration of AI assistants such as ...

Cutting corners: The code looked harmless. A GitHub repository, a small freelance task, and a standard request sent over LinkedIn to a blockchain engineer: run this snippet, fix a few bugs, get paid.