SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub ...

The Red Sun vulnerability repository. Contribute to Nightmare-Eclipse/RedSun development by creating an account on GitHub.

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...

No member of the Sackler family — the billionaire dynasty that owned and ran Purdue Pharma — has ever been criminally charged ...

NomShub, a vulnerability chain in Cursor AI, allowed attackers to achieve persistent access to systems via indirect prompt ...

Sponsored by OpenAI, Warp launches an open-source ADE where users can submit ideas and watch agents build and ship them ...

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...

The April update suppresses Copilot completions while IntelliSense is active, addressing a long-running editor conflict.

The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been leaked and disseminated, apparently due to a serious internal error. The leak ...