Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Wild swings see oil prices hit wartime record of $126 a barrel before coming down hard

Crude oil hit its highest level since 2022 amid reports that the U.S. is considering new attacks on Iran and President Donald ...
SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
CoinDesk

Wasabi Protocol drained of $4.5 million in apparent admin key compromise

The exploit used a similar playbook as Drift's $285 million breach earlier this month — a compromised deployer key with no ...
InfoWorld

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
IT-Online

Supply chains under attack

According to Kaspersky telemetry, almost 19 500 malicious packages were found in open-source projects by the end of 2025, representing a 37% increase compared to the end of 2024. Modern software ...