The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...
SecurityWeek

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 clones of popular extensions published to the Open VSX marketplace in April are likely designed to deliver GlassWorm ...

Attack of the killer script kiddies

For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the ...

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
The Hacker News

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or ...
SecurityWeek

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.
GitHub

Personal AI, On Personal Devices.

Personal AI agents are exploding in popularity, but nearly all of them still route intelligence through cloud APIs. Your "personal" AI continues to depend on someone else's server. At the same time, ...
Axios on MSN

Faster attacks, quicker exploits: Early testers of new AI models warn of their new abilities

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...