GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

The ‘Miasma’ worm source code briefly leaked on GitHub

The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.
CSO Online

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
USA Today

Spam ditches the can for new format - hot dogs

Spam has unveiled a new product perfect for the dog days of summer. The canned meat brand is now making hot dogs, it announced on its website. The company described the Spam dog as a "reimagination of ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...