Dark Reading

Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS

SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to ...
XDA Developers on MSN

Treating Claude Code as just a coding tool is like using a Swiss Army knife to open cans

The terminal assistant you paid for can do a lot more than coding.
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Megalodon pushed 5,718 malicious GitHub commits in 6 hours, exposing CI secrets and cloud credentials at scale.

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...