A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
Forbes

Warning Issued As Fake Claude Code Installer Attacks Confirmed

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Security researchers have uncovered a previously undocumented attack campaign targeting ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
CoinTelegraph

Kelp DAO exploit prompts DeFi protocols to rethink oracle providers

Solv Protocol and other DeFi projects are migrating to Chainlink infrastructure after the $293 million exploit exposed risks in third-party bridge and oracle setups. Decentralized finance protocols ...
The New York Times

What to Know About the Stabbing Attack Against 2 Jewish Men in London

The British police said the attack on Wednesday was being treated as terrorism, and they warned of rising antisemitic hate crimes. By Megan Specia Reporting from London A knife attack against two ...
Dark Reading

Trellix Source Code Breach Highlights Growing Supply Chain Threats

Cybersecurity vendor Trellix published a terse statement last Friday, disclosing that a threat actor recently gained unauthorized access to "a portion of our source code repository." Trellix did not ...
Bleeping Computer

Ivanti warns of new EPMM flaw exploited in zero-day attacks

Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) ...
The New York Times

Attacks on Jewish Targets in Europe Suggest Hybrid Warfare

Officials are investigating similar attacks across Europe, all claimed by a shadowy Islamist group that may be using low-cost, unsophisticated methods to sow fear in Jewish communities. By Megan ...
Bleeping Computer

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The ...
VentureBeat

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

On March 30, BeyondTrust proved that a crafted GitHub branch name could steal Codex’s OAuth token in cleartext. OpenAI classified it Critical P1. Two days later, Anthropic’s Claude Code source code ...
Hosted on MSN

Credential attacks push Oracle Cloud identity security to forefront

Identity under siege: Credential-based breaches are rising, with attackers leveraging legitimate logins to infiltrate cloud and SaaS systems undetected. Shifting security focus: Oracle Cloud ...
CBS News

U.S. strikes 2 Iranian ports as American warships come under fire

James LaPorta is the national security coordinating producer for the CBS News' Washington bureau. He is a former U.S. Marine veteran infantryman and veteran of the Afghanistan war. Washington — Three ...