Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub ...

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

Gabriela Moreira, CEO of Quint at Informal Systems, is a research engineer specializing in programming languages and formal ...

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample ...

The hidden VS Code tool has replaced the terminal for me.

Anthropic's Claude has approved malicious code in a spoofed Git identity test, showing how weak GitHub Actions trust rules ...