Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for ...

This is the mothership of all code leaks! The code of #ClaudeCode has been leaked! The big deal is that #Anthropic is a ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Anthropic accidentally exposed over half a million lines of its Claude Code, triggering a rapid global effort to copy and ...

Learn how to detect compromise, assess your exposure to the LiteLLM supply chain attack, and use GitGuardian to orchestrate rapid incident response and secret remediation.

Karpathy proposes something simpler and more loosely, messily elegant than the typical enterprise solution of a vector ...

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

AI firm Anthropic accidentally leaked its Claude Code source code via an npm package, revealing unreleased features like an ...