Dark Reading

Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

Factory 2.0 deepens security with new AI tools, Actions, and Skills to continuously reconcile open-source artifacts across ...
CoinDesk

How a Solana feature designed for convenience let attackers drain more than $270 million from Drift

The exploit did not involve a bug in Drift's code. It used "durable nonces," a legitimate Solana transaction feature, to pre-sign administrative transfers weeks before executing them, bypassing the ...

New Progress ShareFile flaws can be chained in pre-auth RCE attacks

Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable ...
Infosecurity Magazine

GitHub Used as Covert Channel in Multi-Stage Malware Campaign

A series of malicious LNK files targeting users in South Korea has been detected using a multi-stage attack chain that uses ...

Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks

“The repo named in the notice was part of a fork network connected to our own public Claude Code repo, so the takedown ...
CoinDesk

Audit admin keys, not just code, expert says after $200 million Drift exploit

Gold, silver fall as investors doubt Trump’s exit plan (The Wall Street Journal): Gold and silver prices swung into the red, ...

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a move the company says was an accident

On Tuesday, a software engineer discovered that Anthropic had, seemingly by accident, included access to the source code for ...
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...
Microsoft

WhatsApp malware campaign delivers VBScript and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...