CNET

The Feds Took Down a 'Full-Service Cybercrime Platform' Behind $20M in Phishing

The W3LL phishing kit helped criminals steal tens of thousands of account credentials, primarily targeting Microsoft 365 ...
Dark Reading

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

The China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
Ars Technica

Here’s what that Claude Code source leak reveals about Anthropic’s plans

Yesterday’s surprise leak of the source code for Anthropic’s Claude Code revealed a lot about the vibe-coding scaffolding the company has built around its proprietary Claude model. But observers ...
decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Add Decrypt as your preferred source to see more of our stories on Google. Anthropic accidentally exposed 512,000 lines of Claude Code via a source map leak. DMCA takedowns failed as mirrors and clean ...
KTLA

LASD warns of scam ‘court notices’ using QR codes to demand payment

Authorities are warning the public about a scam involving fake court notices that appear to come from the Superior Court of California and demand immediate payment through QR codes or other unofficial ...
Searchenginejournal.com

Google’s March Spam Update Felt Muted But May Signal Bigger Changes

Google's spam update was generally welcomed by SEOs. But it was also largely ignored, and when finished, the impact felt anticlimactic. This is because spam updates are not always the point. What may ...
Engadget

Reddit is weighing identity verification methods to combat its bot problem

There could be one more step required before creating an account and posting on Reddit in the future. According to Reddit's CEO, Steve Huffman, the social media platform is exploring different ways to ...
Courthouse News Service

San Francisco jury finds Elon Musk defrauded Twitter investors during $44 billion takeover

Attorney Aaron Arnzen of Bottini & Bottini questions Elon Musk during a trial over Musk's purchase of Twitter. (Photo by Vicki Behringer via Courthouse News) SAN FRANCISCO (CN) — Elon Musk defrauded ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
Visual Studio Magazine

Going Local (& a Bit Loco) with Open-Source AI in VS Code

Running open-source AI locally in VS Code proved possible, but the path was more complicated than the polished model catalogs initially suggested. On a modest company laptop with 12 GB of RAM and no ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...