The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
TechSpot

Anthropic accidentally exposed Claude Code source, raising security concerns

What we know so far: Anthropic is facing renewed scrutiny from the AI and security communities after internal source code for Claude Code – its fast-growing agentic development environment – was ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
Communications of the ACM

Why Periodic Testing Fails Modern Apps

A 90-day testing cycle does not just fall short of that number. It runs straight into it. The reality is that modern ...

Google shoehorned Rust into Pixel 10 modem to make legacy code safer

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to ...

Operant AI Launches CodeInjectionGuard to Defend AI Agents Against Runtime Code Injection Attacks

New capability intercepts and blocks malicious code at the point of execution, closing the critical gap between vulnerability ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
Communications of the ACM

Is There a Way to Solve the Reproducibility Problem?

Reproducibility is fundamental to science. Yet digital technology casts an increasingly long shadow on the principle. When independent investigators examine studies, they are unable to validate about ...
Unite.AI

Abby Kearns, CEO of ActiveState – Interview Series

Abby Kearns is CEO of ActiveState and a technology executive with more than 25 years of experience building and scaling enterprise software organizations. She previously served as CTO of Puppet, where ...
Security Boulevard

AI Vulnerability Chaining – Why Your Security Stack Cannot Detect What Comes Next

Mythos combined four separate low-severity bugs into a complete browser sandbox escape. Traditional scanners evaluate ...