GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Experts have pinned the attack on “one of npm’s most depended-on packages” on hackers backed by the Democratic People’s ...

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions of the widely used JavaScript HTTP client library.

A set of dependency-free JavaScript modules to work with binary data in JS (using Typed Arrays). Includes: bitjs/archive: Decompressing files (unzip, unrar, untar, gunzip) in JavaScript, implemented ...