The Hacker News

Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor

A fake Go module posing as golang.org/x/crypto captures terminal passwords, installs SSH persistence, and delivers the ...

Trend Micro warns of critical Apex One code execution flaws

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on ...
SecurityWeek

Claude Code Flaws Exposed Developer Devices to Silent Hacking

Vulnerabilities in Anthropic’s Claude Code tool could have allowed attackers to silently gain control of a developer’s ...
GovInfoSecurity

Malicious Repo Files Could Hijack Claude Code Sessions

Check Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository ...

Security experts flag multiple issues in Claude Code, warning

An AI assistant can quickly turn into a malicious insider, so be careful with permissions.

Researchers warn OpenClaw users after malicious plugins surface on ClawHub

OpenClaw’s plugin marketplace, ClawHub, has come under security scrutiny after researchers uncovered a large number of malicious plugins embedded within the platform. Blockchain security firm SlowMist ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Engadget

Hackers injected malicious code into several Chrome extensions in recent attack

Hackers were reportedly able to modify several Chrome extensions with malicious code this month after gaining access to admin accounts through a phishing campaign. The cybersecurity company Cyberhaven ...
Bleeping Computer

Apiiro unveils free scanner to detect malicious code merges

Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb supply chain attacks. The two ...
SD Times

New open source tools to detect, defend against malicious code

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...