The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

OpenAI to Apple macOS users: Update ChatGPT, Codex and its other apps before May 8 or lose access

If you use any OpenAI apps on your Mac, here's something you don't want to ignore. OpenAI is requiring all macOS users to ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
Le Lézard

Constructive Open Sources Agentic DB, the Postgres Memory Layer for AI Agents

Constructive, the company behind open-source Postgres and JavaScript infrastructure with over 100 million open-source ...
InfoWorld

OpenAI’s Symphony spec pushes coding agents from prompts to orchestration

Symphony offers a glimpse of how enterprises may move from using AI as a coding assistant to managing it as part of the ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
OfficeChai

In 2015, Singapore’s PM Had Written A Sudoku Solver In C++, Current Foreign Minister Had Translated It Into JavaScript

The news of Singapore’s foreign minister building an AI assistant for himself using NanoClaw to answer diplomacy questions has been doing the ...
Morning Overview on MSN

This wild AI tool rips off open source code without breaking copyright

In early 2025, a class-action lawsuit against GitHub, Microsoft, and OpenAI over Copilot’s use of open-source training data ...
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Mythos shock: Why regulators in India, other nations are spooked by Anthropic’s new tool

Anthropic’s Mythos AI model has triggered global cybersecurity concerns due to its advanced ability to both detect and ...
Security Boulevard

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

The compromise of a version of Bitwarden's CLI is connected to the ongoing Checkmarx supply chain campaign, but differences in the operational methods of both incidents are making it difficult to ...