On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies. Attackers too are looking to cash ...
Researchers found a way to trick AI coding assistants like Claude into running malware hidden in GitHub repositories. Here's ...
Researchers have revealed what they claim to be a “new class of attack” which tricks AI coding agents into executing arbitrary code on developer machines. Tenet Security, which specializes in the ...
GitHub disabled 73 Microsoft repositories after a Miasma supply chain attack. Malicious commits targeted AI coding tools, VS Code, and developer workstations. Developers should rotate credentials if ...