A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with ...

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

Dashlane said that attackers mounted a coordinated hacking campaign against a large base of its users in an attempt to ...

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.

Cybersecurity researchers at Aikido Security have uncovered a malicious supply chain attack targeting OpenAI Codex developers via the npm package “codexui-android”. While the associated GitHub ...

Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...

Claude subscription billing changes June 15 as Anthropic moves Agent SDK and claude -p to a separate per-user credit of $20 ...

The incident highlights how attackers can hide malicious code in software packages that differ from the source code available ...