Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...

Why Anthropic’s Massive Code Leak Is Now a National Security Concern in D.C.

A lawmaker is demanding answers after Anthropic accidentally exposed internal code, warning the leak could erode the U.S. AI ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
Decrypt

Google Researchers Reveal Every Way Hackers Can Trap, Hijack AI Agents

A Google DeepMind paper maps six attack categories against autonomous AI agents—from invisible HTML commands to multi-agent ...
CBSSports.com

Best sportsbook promos and betting bonuses: April 2026

Not all sportsbook promos are created equal. Some reward you just for signing up. Others require a winning bet, a losing bet, or a very specific set of circumstances. We cut through the fine print so ...