cryptopolitan

Microsoft, Google patch flaws as Cordyceps spread across open-source repositories

Security researchers at Novee found over 300 exploitable CI/CD workflow chains across repositories belonging to Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The flaws ...

Figma adds code layers, support for animations, more AI features in new update

Figma's update adds a new code layer, support for motion and shaders, and the ability to create custom plug-ins for various ...
techtimes

Claude Code Loop Engineering: Stop Prompting, Start Designing Autonomous Agent Workflows

Anthropic Product Manager and Anthropic engineer Boris Cherny in a video introducing Claude Code on Feb 24, 2025. Anthropic.com Anthropic's Boris Cherny has stopped writing prompts. The creator and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Fake Claude Code Installers Deliver Credential-Stealing Malware

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data.
makeuseof

Microsoft’s open-source era still comes with an asterisk

Oluwademilade is a tech enthusiast with over five years of writing experience. He joined the MUO team in 2022 and covers various topics, including consumer tech, iOS, Android, artificial intelligence, ...
The Hacker News

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code ...
Dark Reading

Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain

The Mini Shai-Hulud malware campaign continues to slither its way through the software supply chain, rearing its malicious head in a fresh wave of compromised npm packages and artifacts, mainly those ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP, the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as ...
SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 packages across multiple high-profile NPM and PyPI projects were compromised in a new, coordinated Mini Shai-Hulud software supply chain attack. The campaign hit 42 TanStack packages, 65 ...
VentureBeat

Anthropic Skill scanners passed every check. The malicious code rode in on a test file.

Picture this scenario: An Anthropic Skill scanner runs a full analysis of a Skill pulled from ClawHub or skills.sh. Its markdown instructions are clean, and no prompt injection is detected. No shell ...
cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four real SAP npm packages were hacked. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers. These packages had more than 500,000 downloads a week. Four ...