Cybernews

100K stars in a day: Claw-code based on leaked Claude Code smashes GitHub record

Anthropic’s leak of proprietary Claude Code sparked the developer community to group around “claw-code,” the fastest-growing ...
Arabian Post

Telnyx package breach jolts Python supply chains

Security teams are scrambling after two malicious releases of the Telnyx Python SDK were uploaded to PyPI on March 27, turning a widely used developer tool into a credential-stealing backdoor that ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of ...

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...

C24-X06 从一次拦截看AI安全本质:智能体越智能,终端运行时动态防御 ...

本次案例正是最好的警示:一个看似正常的扩展插件,险些将病毒带入系统。这充分说明,只要智能体仍在与系统交互、仍在联网运行,运行时的动态防御就绝不能缺失——危险往往藏在“正常操作”背后。此次事件之所以未造成实际影响,关键在于天珣EDR For ...
腾讯网

Claude Code 泄露同一天,Axios 惨遭史上最大投毒,朝鲜出品

朝鲜这个国家,在大多数人的认知里应该是相当封闭落后的。但他们的网络攻击能力,一直被严重低估。从 2014 年的索尼影业攻击,到 2017 年的 WannaCry 勒索病毒,再到这次对 npm 生态的精准打击,朝鲜黑客的技术水平和作战纪律一点也不「落后 ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...