On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had ...

Attackers are using fake Claude Code install pages and malicious search ads to spread infostealer malware targeting Windows and macOS systems. Threat actors are exploiting a common developer habit — ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering ...

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and ...

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Steven Musil is a senior news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...

PCWorld reports that Anthropic accidentally leaked over 500,000 lines of source code for its AI coding tool Claude Code due to a misconfigured .map file in its npm package. The leak revealed ...

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

Anthropic PBC has accidently exposed the source code for its Claude Code command-line interface tool through a packaging error that led to the inclusion of sensitive ...