Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
Decrypt

OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets

The phishing campaign lures OpenClaw developers with fake $5,000 token airdrops, then drains wallets through a cloned site ...

Daily Digest: S.F. Goldman Sachs employee files claim, how an entrepreneur is bringing wine to Wine Country

Goldman Sachs is facing allegations that it forced a San Francisco-based investment advisor into retirement with a 24-hour ...

Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...

Parents, board members scramble to keep private school open after $13M debt scandal

The school, which has campuses in the South End, Jamaica Plain and Providence, Rhode Island, revealed last week that its ...

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
The Indiana Lawyer

Democrats storm out of Justice Department leaders’ briefing on the Epstein files

Democratic lawmakers on Wednesday stormed out of a closed-door briefing on the Jeffrey Epstein files by Justice Department leaders and said they would push to force Attorney General Pam Bondi to ...
AdExchanger

The JavaScript Overload; Whatever, AI Will Handle It

Why do individual web pages now require as much memory to run as an entire operating system did 30 years ago? Ad tech, baby.