New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project...
As AI reshapes software development, cybersecurity, and business technology, the companies that stand out will not...
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even...
The post Big Tech can stop scams. They just don’t (Lock and Code S07E08) appeared first on Malwarebytes. This week...
The post When AI Writes Code, Who Governs the Dependencies? appeared first on 2024 Sonatype Blog. The Department of War’s Call...
Right now, code is executing in your users’ browsers that your WAF has never inspected, your DAST never tested, and...
Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution Pierluigi Paganini April 07, 2026 Attackers are exploiting a critical...
“Slurm’s open-source foundation offers safeguards such as transparent code, forking ability, and community governance, but SchedMD’s control gives Nvidia soft...
Key takeaways: Attackers rapidly leveraged the Claude Code packaging error incident to distribute credential-stealing malware using fake GitHub repositories. This demonstrates how quickly threat actors can...
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code Pierluigi Paganini April 01, 2026 SentinelOne AI stopped a LiteLLM...
Anthropic accidentally leaks Claude Code Pierluigi Paganini March 31, 2026 Anthropic accidentally exposed Claude Code source via npm, causing the...
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution Pierluigi Paganini March 30, 2026 Attackers are exploiting a critical...
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored...
Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than...
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware Pierluigi Paganini March 24, 2026 North Korea-linked threat...