SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
Security Boulevard

10 Warning Signs Your Current Authentication Stack Is a Breach Waiting to Happen

Run a quick self-audit against 10 warning signs that your authentication stack has critical vulnerabilities. Each sign includes a diagnostic check, an explanation of why it's dangerous, and a concrete ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

LofyGang resurfaces with LofyStealer disguised as Minecraft hack, exfiltrating IBANs and passwords to 24.152.36[.]241, ...
CoinDesk

Wasabi Protocol drained of $4.5 million in apparent admin key compromise

The exploit used a similar playbook as Drift's $285 million breach earlier this month — a compromised deployer key with no ...

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of ...
GovInfoSecurity

Socket Buys Secure Annex to Expand Supply-Chain Visibility

Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

A secretive AI hacking system has sparked a global scramble

Anthropic’s Mythos AI is rattling Washington, prompting the Trump administration to try to confront its cybersecurity risks.
eWeek

Amazon Welcomes OpenAI to Its Cloud Portfolio

AWS grabs OpenAI, Google courts the Pentagon, and Microsoft races to plug a zero-click hole. Cloud, code, and combat are suddenly one tangled leaderboard. Ready up, because this bracket's reshuffling ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

Does calling ‘Jessica’ stop a kid’s tantrum? The algorithm wants you to think so

With the latest TikTok trend, social media parenting advice has hit its peak. The problem is, some things don’t need fixing ...