ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Moonwell’s $1.78 million oracle mispricing exploit is reigniting debate over “vibe-coded” smart contracts and how AI tools ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
ThreatsDay Bulletin tracks active exploits, phishing waves, AI risks, major flaws, and cybercrime crackdowns shaping this week’s threat landscape.
Cryptopolitan on MSN
Claude Opus 4.6 blamed after $1.78M exploit hits Moonwell
DeFi lending protocol Moonwell lost $1.78 million after AI code from Claude Opus 4.6 led to an oracle configuration error.
While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results