- Anthropic confirms it leaked 512,000 lines of Claude Code source code — spilling some of its biggest secrets
April 1, 2026
An Anthropic employee accidentally leaked the source code for one of the most popular Artificial Intelligence (AI) assistants out there – Claude Code. Security researcher Chaofan Shou posted on X, saying “Claude Code source code has been leaked via a map file in their npm registry!” The tweet itself was viewed more than 30 million times ...
- Iran targets M365 accounts with password-spraying attacks
March 31, 2026
Suspected Iran-linked threat actors are conducting password-spraying attacks against hundreds of organizations, primarily Middle Eastern municipalities, in campaigns that security researchers believe may have been aimed at supporting bomb-damage assessment following missile strikes. Tel Aviv-based Check Point Research on Tuesday said that the attackers used multiple source IP addresses to target numerous Microsoft 365 accounts, affecting ...
- North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
March 31, 2026
Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package “axios.” Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named “plain-crypto-js” into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify ...
- Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
March 31, 2026
Between late February and March 2026, threat group TeamPCP conducted a highly calculated, escalating sequence of supply chain threats. It systematically compromised widely trusted open-source security tools, including the vulnerability scanners Trivy and KICS and the popular AI gateway LiteLLM. The affected software also includes the official Python SDK of Telnyx. These ongoing supply chain attacks ...
- Iran threatens to start attacking major US tech firms on April 1
March 31, 2026
Iran’s Islamic Revolutionary Guard Corps warned Tuesday that it plans to begin attacking more than a dozen American companies across the Middle East on Wednesday in retaliation for the killing of Iranian citizens in the ongoing war with the US and Israel. The list of companies includes Apple, Google, IBM, Intel, Microsoft, Tesla, and Boeing, which ...
- GitHub developers targeted by fake VS Code alerts spreading malware
March 30, 2026
Cybercriminals are tricking GitHub into sending out fraudulent email notifications, luring software developers into downloading malware, experts have warned. Security researchers Socket, who said they observed a large-scale, coordinated spam campaign targeting developers on various projects. GitHub has a section called “Discussions”, which is essentially a forum for discussing various projects. When a developer participates in, ...
- Beyond Compliance: How Financial Institutions Can Meet New Fraud-Sharing Mandates While Respecting Privacy
March 30, 2026
Authorized Push Payment (APP) fraud is one of the most damaging forms of digital deception. The pattern repeats itself thousands of times each year: an email from the bank’s security team warning of suspicious activity. A phone call that follows immediately. The caller ID matches. The “fraud prevention officer” knows details about recent transactions. Within minutes, ...
- Bogus Avast website fakes virus scan, installs Venom Stealer instead
March 27, 2026
A fake website impersonating Avast antivirus is tricking people into infecting their own computers. The site looks legitimate, runs what appears to be a virus scan, and claims your system is full of threats. But the results are fake: when you’re prompted to “fix” the problem, the download you’re given is actually Venom Stealer—a type of ...
- Commission investigates cyberattack targeting EU websites
March 27, 2026
The European Commission has announced that it is investigating a cyber attack that took place on Tuesday, targeting its cloud infrastructure hosting the ‘europa.eu’ websites and leading to a data leak. “Early findings of our ongoing investigation suggest that data have been taken from those websites,” it said in a statement on Friday evening, adding that ...
- Iranian hackers allegedly breached FBI Director Patel’s personal emails
March 27, 2026
Hackers breached FBI Director Kash Patel’s personal email, according to sources familiar with the situation. The majority of the emails were from prior to 2019, according to sources, and appear to be from before his tenure at the FBI. There were a few emails from 2022, sources told ABC News. “The FBI is aware of malicious ...
- Coruna: the framework used in Operation Triangulation
March 26, 2026
On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used by other attackers in watering-hole attacks in Ukraine and in financially motivated ...