Morgan Stanley Technology, Media & Telecom Conference 2026 March 2, 2026 2:30 PM ESTCompany ParticipantsEd Grabscheid - ...

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

Trusted registries are widely treated as a key component of Software Bill of Materials (SBOM) - driven supply chain security ...

The Shai-hulud self-replicating worm, which targets open source repositories, has reemerged with a new, more dangerous variant. Shai-hulud first emerged in September as self-replicating malware that ...

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...

Malicious code continues to be uploaded to open source repositories, making it a challenge for responsible developers to trust what’s there, and for CISOs to trust applications that include open ...

Attackers are exploiting a major weakness that has allowed them access to the NPM code repository with more than 100 credential-stealing packages since August, mostly without detection. The finding, ...

As poisoned software continues to pop up across the industry, some threat actors have found a way to hide malicious code in npm packages and avoid detection from most security tools. In an blog post ...