#taint-analysis

#claude-code
Software development
from Ars Technica
2 days ago

Entire Claude Code CLI source code leaks thanks to exposed map file

Claude Code's complexity and architecture provide valuable insights for competitors and pose security risks for Anthropic.
Software development
from Ars Technica
1 day ago

Here's what that Claude Code source leak reveals about Anthropic's plans

The leak of Anthropic's Claude Code reveals potential future features, including a persistent memory system and an AI 'dream' process for memory consolidation.
Information security
from SecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
from Theregister
2 days ago

Claude Code's source reveals extent of system access

Claude Code has significant control over devices, raising concerns about data retention and potential misuse in sensitive environments.
DevOps
from InfoWorld
9 hours ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Software development
from DevOps.com
1 day ago

Why Code Validation is the Next Frontier - DevOps.com

Shared staging environments are inadequate for modern development; isolated, on-demand setups are needed for effective validation.
Python
from The Hacker News
1 day ago

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.
#npm
Node JS
from InfoQ
1 day ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
from BleepingComputer
3 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
from Theregister
3 days ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.
#ai
Artificial intelligence
from Futurism
2 days ago

The Fact That Anthropic Has Been Boasting About How Much Its Development Now Relies on Claude Makes It Very Interesting That It Just Suffered a Catastrophic Leak of Its Source Code

Anthropic's Claude Code AI agent leaked internal source code, raising cybersecurity concerns despite claims of no sensitive data exposure.
Artificial intelligence
from Engadget
2 days ago

Claude Code leak suggests Anthropic is working on a 'Proactive' mode for its coding tool

Anthropic's Claude Code update inadvertently leaked source code, revealing potential upcoming features and causing significant exposure before being retracted.
Artificial intelligence
from The Verge
2 days ago

Claude Code leak exposes a Tamagotchi-style 'pet' and an always-on agent

Leaked code reveals unreleased features and internal instructions for Anthropic's AI tool, Claude, including a Tamagotchi-like pet and a KAIROS feature.
Artificial intelligence
from SecurityWeek
4 days ago

Silent Drift: How LLMs Are Quietly Breaking Organizational Access Control

AI assistance in policy as code can introduce serious flaws, leading to incorrect access permissions despite syntactically valid policies.
Information security
from InfoQ
18 hours ago

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.
Women in technology
from InfoQ
1 week ago

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.
DevOps
from ComputerWeekly.com
1 day ago

How 'Wikipedia of cyber' helps SAP make sense of threat data | Computer Weekly

SAP faces significant challenges in securing enterprise data amidst a complex threat landscape and evolving compliance requirements.
Software development
from InfoWorld
2 days ago

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

LLMs can quickly identify security vulnerabilities in code, but their rapid evolution poses potential risks.
Roam Research
from InfoWorld
1 week ago

New 'StoatWaffle' malware autoexecutes attacks on developers

StoatWaffle malware communicates with a C2 server to execute various commands and targets browser data and Keychain databases on macOS.
#ai-security
Artificial intelligence
from InfoQ
6 days ago

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.
Information security
from Techzine Global
1 month ago

Claude can now scan for complex vulnerabilities, but who will find them?

Claude Code Security uses AI to scan entire codebases for complex, context-dependent vulnerabilities beyond traditional static analysis, offered in limited preview to enterprise customers.
Information security
from Theregister
2 months ago

Block red-teamed its own AI agent to run an infostealer

AI agents must be demonstrably safer and better than humans and deployed with least-privilege access and enterprise-grade risk management.
Information security
from InfoWorld
17 hours ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
#malware
Information security
from The Hacker News
4 days ago

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad malware uses ClickFix tactics and AI-assisted obfuscation to evade detection and steal credentials immediately.
Information security
from Theregister
1 day ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
Information security
from SecurityWeek
2 days ago

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.
#cybersecurity
Information security
from SecurityWeek
6 hours ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Information security
from Techzine Global
2 days ago

AI gives attackers superpowers, so defenders must use it too

AI is transforming cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation from 1.5 years to mere hours.
Node JS
from InfoQ
4 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.
Information security
from The Hacker News
1 day ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.
Software development
from Fortune
3 days ago

Anthropic leaks its own AI coding tool's source code in second major security breach | Fortune

Anthropic leaked the source code for Claude Code, exposing 500,000 lines of code due to a packaging error, raising cybersecurity concerns.
DevOps
from InfoQ
2 weeks ago

Sonatype Launches Guide to Enhance Safety in AI-Assisted Code Generation

Sonatype Guide ensures AI-generated code uses safe, valid, and maintainable dependencies through real-time security intelligence and optimized dependency management.
DevOps
from Techzine Global
2 weeks ago

BloodHound sniffs out attack paths in Okta, GitHub, and Mac environments

BloodHound Enterprise expands to Okta, GitHub, and Mac environments via OpenGraph extensions, enabling identity attack path management across hybrid platforms with integrations to Palo Alto, Microsoft Sentinel, and ServiceNow.
Business intelligence
from Securitymagazine
3 weeks ago

AI Security and Forensic Accounting: Protecting Financial Systems in an Automated World

AI-enhanced forensic accounting is essential for detecting financial fraud and payment manipulation in automated financial systems vulnerable to sophisticated, AI-driven attacks.
#data-breach
Information security
from Securitymagazine
18 hours ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Information security
from Theregister
1 day ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
DevOps
from Techzine Global
2 weeks ago

NinjaOne launches Vulnerability Management for detection and remediation

NinjaOne's Vulnerability Management solution enables real-time vulnerability detection and automated remediation integrated into a single workflow, eliminating delays from traditional periodic scanning approaches.
#application-security
Software development
from Techzine Global
2 weeks ago

Checkmarx Focuses AppSec on AI Development

Checkmarx One integrates AI-driven security with autonomous agents to continuously monitor code throughout development, shifting security from a separate step to an embedded process that addresses vulnerabilities earlier in the cycle.
from DevOps.com
1 month ago
Information security

Checkmarx Extends Vulnerability Detection to AI Coding Tool from AWS - DevOps.com

#supply-chain-attack
Information security
from InfoQ
3 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
Information security
from Techzine Global
2 weeks ago

GlassWorm malware surfaces in development environments

GlassWorm operation compromised over 400 software components across GitHub, npm, and development marketplaces using supply-chain attacks and blockchain-based command-and-control infrastructure.
Information security
from Techzine Global
1 day ago

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.
Information security
from SecurityWeek
3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Information security
from SiliconANGLE
3 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
Information security
from InfoQ
3 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.
Information security
from SecurityWeek
3 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
Information security
from SecurityWeek
4 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.
Information security
from Axios
5 days ago

Everyone's worried that AI's newest models are a hacker's dream weapon

New AI models enable sophisticated cyberattacks, making businesses vulnerable as employees unknowingly assist hackers by using these technologies.
Information security
from SecurityWeek
6 days ago

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.
Information security
from Computerworld
6 days ago

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft will block unvetted kernel drivers starting April 2026, impacting legacy applications while enhancing security.
Information security
from The Hacker News
2 weeks ago

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart attacks hide malicious code in dynamically loaded third-party assets and EXIF metadata, bypassing repository-based static analysis tools like Claude Code Security because the code never enters the source repository.
Information security
from BleepingComputer
2 weeks ago

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

GlassWorm supply-chain campaign compromised 433 components across GitHub, npm, and VSCode/OpenVSX, using a single Solana blockchain address for command-and-control across coordinated attacks targeting cryptocurrency wallets and developer credentials.
Information security
from The Hacker News
2 weeks ago

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Amazon Bedrock AgentCore Code Interpreter's sandbox allows outbound DNS queries, enabling attackers to exfiltrate data and establish command-and-control channels despite network isolation configuration.
from SecurityWeek
1 month ago

How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development

This extends to the software development community, which is seeing a near-ubiquitous presence of AI-coding assistants as teams face pressures to generate more output in less time. While the huge spike in efficiencies greatly helps them, these teams too often fail to incorporate adequate safety controls and practices into AI deployments. The resulting risks leave their organizations exposed, and developers will struggle to backtrack in tracing and identifying where - and how - a security gap occurred.
Artificial intelligence
from The Hacker News
3 weeks ago

Investigating a New Click-Fix Variant

Atos Researchers identified a new variant of the popular ClickFix technique, where attackers convince the user to execute a malicious command on their own device through the Win + R shortcut. In this variation, a "net use" command is used to map a network drive from an external server, after which a ".cmd" batch file hosted on that drive is executed.
Information security
Artificial intelligence
from InfoWorld
1 month ago

Claude AI finds 500 high-severity software vulnerabilities

Claude Opus 4.6 uncovered 500 high-severity zero-day vulnerabilities in open-source projects while running in a VM with standard analysis tools and no guidance.
Information security
from ComputerWeekly.com
3 weeks ago

Vulnerability reports: Increase in quantity, decrease in quality? | Computer Weekly

Bug bounty programs face sustainability challenges due to increased low-quality submissions, prompting cURL founder Daniel Stenberg to shut down his HackerOne program and switch to GitHub for vulnerability reporting.
Artificial intelligence
from InfoWorld
2 months ago

Output from vibe coding tools prone to critical security flaws, study finds

Popular AI code-generation tools frequently produce insecure code, including critical API authorization and business-logic vulnerabilities, requiring careful debugging and context-aware review.
Information security
from The Hacker News
3 weeks ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
from Theregister
3 weeks ago

Manage attack infrastructure? AI agents can now help

AI agents enable cybercriminals and nation-state hackers to automate reconnaissance, infrastructure management, and attack planning, significantly increasing the speed and scale of cyberattacks.
#ai-security-vulnerabilities
from DevOps.com
1 month ago
Information security

Security Flaws in Anthropic's Claude Code Risk Stolen Data, System Takeover - DevOps.com

Information security
from InfoWorld
1 month ago

What happens when you add AI to SAST

AI agents with multi-modal analysis in SAST dramatically reduce false positives and false negatives inherent in traditional and rules-based SAST tools.
Information security
from Droids On Roids
2 months ago

When ZeroWidth Isn't Zero: How I Found and Fixed a Vulnerability | Blog

Unicode Variation Selectors can inflate UTF-16 storage size while still passing perceived-length checks, enabling payload injection, performance issues, and possible database crashes.
Information security
from Ars Technica
2 months ago

Never-before-seen Linux malware is "far more advanced than typical"

VoidLink is a modular Linux malware framework providing over 30 modules for stealthy reconnaissance, privilege escalation, lateral movement, and cloud-specific targeting.
Information security
from Theregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.