SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Crypto hack losses top $630M in April, highest since February 2025

Crypto hacks in April topped $630 million across 25 incidents led by DeFi exploits, marking the highest monthly total since ...
CoinDesk

Wasabi Protocol drained of $4.5 million in apparent admin key compromise

The exploit used a similar playbook as Drift's $285 million breach earlier this month — a compromised deployer key with no ...
Cryptopolitan on MSN

Crypto devs face new threat from Claude-based malware

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
eWeek

Amazon Welcomes OpenAI to Its Cloud Portfolio

AWS grabs OpenAI, Google courts the Pentagon, and Microsoft races to plug a zero-click hole. Cloud, code, and combat are suddenly one tangled leaderboard. Ready up, because this bracket's reshuffling ...
GovInfoSecurity

Socket Buys Secure Annex to Expand Supply-Chain Visibility

Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...