Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
IEEE

Determining software quality using code analysis metrics

Abstract: This paper addresses the evaluation of software quality through the use of code analysis metrics. Software quality is critical to ensuring functionality, reliability, and maintainability, ...

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
WinBuzzer

Anthropic Leaks Claude Code Source via Npm Source Map

Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...
GitHub

Turns Claude Code into a frontend expert that reviews and fixes your UI automatically.

Works on any URL — localhost, staging, production. Any site your machine can reach. Free for all Claude Code users (Pro plan and above). No API keys. No extra costs. Just install and go. review_ui The ...
Bleeping Computer

GitHub adds AI-powered bug detection to expand security coverage

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. The developer ...
InfoWorld

Claude Code AI tool getting auto mode

Anthropic is fitting its Claude Code AI-powered coding assistant with an auto mode for the Claude AI assistant to handle permissions on the user’s behalf, with safeguards to monitor actions before ...