Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Claude Code source code accidentally leaked in NPM package

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no ...
CoinTelegraph

Sweden probes reported leak of e-government platform source code

Sweden is investigating a reported leak tied to CGI Sverige after hackers claimed they exposed source code from the country’s e-government platform. A threat actor has claimed to have leaked source ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
Searchenginejournal.com

Google’s March 2026 Spam Update Is Already Complete

Google started rolling out the March 2026 spam update on March 24. The updated was completed in less than 24 hours. The update applies globally and to all languages. Google has finished rolling out ...
Searchenginejournal.com

Google’s March Spam Update Felt Muted But May Signal Bigger Changes

Google's spam update was generally welcomed by SEOs. But it was also largely ignored, and when finished, the impact felt anticlimactic. This is because spam updates are not always the point. What may ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Geeky Gadgets

Using Claude Code & Nano Banana 2 to Create 3D Websites & Animations

Claude Code and Nano Banana 2 are platforms designed to support website design by combining functionality and ease of use. As explored by Jack Roberts, these platforms offer features like responsive ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
TechRepublic

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions Your email has been sent A newly discovered vulnerability in Microsoft Authenticator could expose sensitive login codes ...