Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...

AWS Deploys AI Agents To Do The Work Of DevOps And Security Teams

AWS launches two autonomous AI agents for DevOps and security that work without human oversight, challenging the economics of ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

AWS pushes to automate application monitoring and penetration testing with AI agents

The DevOp Agent’s primary role is to just sit there monitoring applications in deployment 24/7, ready and waiting for any ...
The Hacker News

Which Code Vulnerabilities Actually Get Fixed? New Code Security Data from 50,000+ Repos

Authentication Failures (A07) show the largest gap in the dataset: a 48-percentage-point difference between leaders and the field. Leaders fix at nearly 60%, while the field sits at roughly 12%.
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.
PCMag on MSN

Hackers Are Using Claude Code Leak As Bait to Spread Malware

With Anthropic rushing to wipe out the Claude Code leak, hackers are posting malware-laden files on GitHub that they claim ...