Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

GitHub facades and Ethereum smart contracts power a March 2026 admin-targeted campaign, enabling resilient C2 rotation and ...

eScan Enterprise DLP Closes Critical GitHub Access Control Gap for Organizations

GitHub Team accounts leave enterprises exposed. eScan enforces corporate-only authentication across all GitHub tiers — ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

ActiveState Curated Catalog Secures AI-Generated Code Across Any Development Environment

ActiveState, a global leader in trusted, managed open source software, today announced expanded support for AI-assisted development environments through the ActiveState Curated Catalog. Because the ...
CSO Online

More fake extensions linked to GlassWorm found in Open VSX code marketplace

The threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has ...
CIOOpinion

Shadow AI morphs into shadow operations

In 2026, AI threats shift from data leaks to operational chaos. Shadow agents with high-privilege access risk enterprise ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

An Overlooked Shift: Hiring Managers Are Being Replaced

Over three days, I sat in dozens of sessions where enterprise leaders casually described hiring workflows that required zero ...
ZME Science

Turns out, you can fool the world’s smartest AIs by using weird, monk-like language

The study suggests that some of the world’s most advanced language models still struggle to recognize malicious intent when ...