The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

Attack on GitHub.dev steals OAuth token for all repos

The web version of the VS Code editor on GitHub.dev had a security vulnerability that allowed attackers to take over all of a ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Google patches new Chrome zero-day flaw exploited in the wild

Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
The Hacker News

Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens

VS Code flaw exposes GitHub OAuth tokens via one-click attack on GitHub.dev, enabling private repo access and token theft.
Tech Times

Fake Claude Code Installers on 32 Live Sites Steal Developer API Keys via Google Ads

Fake Claude Code installer malware used Google Ads to place spoofed AI tool pages above real documentation since March 2026.
Tech Times

Cloudflare Buys VoidZero: Vite’s 130M Weekly Users Get a New Vendor-Neutrality Pledge

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 ...

CrowdStrike 2026 Technology Threat Landscape Report: China Steals AI Capabilities It Can’t Build

CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus ...
Developer Tech

Anthropic says AI can turn software patches into exploits within hours

Anthropic’s AI turned Firefox and Windows software patches into exploits within hours, including one Windows proof-of-concept ...

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

D Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with ...