Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.
Cybernews

Code trust crisis: Is it safe to update your system during an active supply chain attack?

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...
The Caledonian-Record

SQRIL: First to Launch Stablecoin-to-Fiat QR Code Payments in Thailand and Cambodia

SQRIL, the world’s first crossborder scan-to-pay QR code infrastructure for emerging markets, today announced its expansion into Thailand and Cambodia. This milestone makes ...

This popular app builder is being abused to trick users - here's what we know

Cybercriminals abuse Bubble.io no-code platform to host phishing apps Trusted domain bypasses email security, tricking victims into Microsoft 365 credential theft Kaspersky warns technique likely to ...
Security Boulevard

7 Enterprise Infrastructure Tools That Eliminate Months of Engineering Work

Discover 7 enterprise infrastructure tools that reduce engineering workload, speed deployment, and eliminate months of manual ...

This popular app builder has been hijacked to steal Microsoft account details - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
Cyber Daily

Code security platform Trivy compromised by malicious packages

The open-source supply chain hack represents “meaningful industry-wide risk”, according to an industry expert.
GitHub

IP2Location.io MCP server

This is a simple Model Context Protocol (MCP) server implementation for IP2Location.io API. It will return a detailed geolocation information for any given IPv4 or IPv6 address. This MCP server ...