SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Taxpayers were unable to file appeals when demand orders reflected zero liability despite disputes. The advisory clarifies that rectification must be sought to enable appeals and protect statutory ...

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

OpenAI’s Crawler Docs Now List OAI-AdsBot For ChatGPT Ads . OpenAI's docs now list OAI-AdsBot. It's a bot that visits only ...

On sickle cell, Q4 framed the pre-sNDA meeting as pending to define pathway, while Q1 updated to a specific action and timing: CEO Goff said Agios “plan [s] to submit an sNDA…in the second quarter ...

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

Joining us today is Panna Sharma, Chief Executive Officer, President and Director of Lantern Pharma, who will guide us through the demonstration and discuss the broader implications of this technology ...