The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Singer D4vd is ‘target’ in investigation of killing of girl whose body was found in car in Hollywood

Singer D4vd is at the center of a Los Angeles grand jury investigation of the killing of a 14-year-old girl found dead in a ...

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
Los Angeles Magazine

Gruesome Court Docs: Teen Celeste Rivas Hernandez Confirmed Dismembered in Cadaver Bag in Tesla Linked to D4vd

Public court records from Texas and California reveal key evidence, witness subpoenas and the focus of a Los Angeles homicide ...

Court docs name D4vd as target of Celeste Rivas Hernandez murder investigation; new gruesome details revealed

Court documents made public in the alleged homicide of 14-year-old Celeste Rivas Hernandez reveal gruesome new details about ...
The Pricer

AI Agents Can’t See 87.6% of Your Website’s Commercial Content

When someone asks ChatGPT, Claude, Gemini, or Copilot to read a webpage, the AI decides what the user sees — not your layout, not your ad tags, and not your structured data. Most of what you put on ...