Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
Developer Tech

Google TorchTPU enables native PyTorch AI execution

Google has launched TorchTPU, an engineering stack enabling PyTorch workloads to run natively on TPU infrastructure for ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
Crypto Briefing

Anthropic’s Claude Code leak reveals autonomous agent tools and unreleased models

Anthropic exposed Claude Code source on npm, revealing internal architecture, hidden features, model codenames, and fresh ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
The Hacker News

The State of Trusted Open Source Report

Compliance continues to drive adoption of trusted open source: We saw the same themes from December present here, underscored ...
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Anthropic leaks source code for Claude Code again: Here's what happened

Anthropic has exposed Claude Code's source code, with a packaging error triggering a rapid chain reaction across GitHub and ...

AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack

AI hiring startup Mercor confirmed it was "one of thousands of companies" affected by the LiteLLM supply-chain attack as the ...

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

MCP, Agent Tool Access And The New Execution-Layer Security Gap

The execution layer has already shifted from humans to machines. This transition is not a future trend; it is the current ...