ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.

Moonwell’s $1.78 million oracle mispricing exploit is reigniting debate over “vibe-coded” smart contracts and how AI tools ...

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...