Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
InfoWorld

Hole in GitHub’s browser-based VSCode editor could lead to stolen token

Its disclosure raises questions about what security researchers should expect from vendors, and how far in advance of its ...
Decrypt

AI Is Helping Discover Tech Vulnerabilities—And Zcash Is Just the Latest Example

Frontier AI models have evolved into bug-finding tools, uncovering vulnerabilities across the tech world—and now in crypto ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Bleeping Computer

Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, ...
Infosecurity Magazine

Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets

Red Hat's official npm namespace has been hijacked to push backdoored package versions built to steal cloud and developer ...
The Hacker News

CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited ...