Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.

Project Zomboid identifies and bans over a dozen Steam Workshop mods containing 'heavily obfuscated code' that was 'creating malicious files'

Players should take "appropriate security measures to ensure their system is safe. Simply uninstalling the mods is not ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...

Hackers Turned Anthropic's Claude Code Leak into a Malware Lure

Cybercriminals are exploiting the recent Claude Code source code leak to distribute Vidar malware via fake GitHub repositories.
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Source Code for Anthropic’s Claude Code Leaks at the Exact Wrong Time

After details of a yet-to-be-announced model were revealed due to the company leaving unpublished drafts of documents and ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.