Decrypt

DeepClaude Lets You Run Claude Code With DeepSeek's Brain for 17x Cheaper

DeepClaude swaps Claude Code's expensive Anthropic backend for DeepSeek V4 Pro, keeping the agent loop, slashing the bill.

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
GovInfoSecurity

Claude Code Attack Persists After Token Rotation

A researcher has mapped a five-step attack on Claude Code that intercepts the credentials giving AI agents access to Jira, ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

The never-ending supply chain attacks worm into SAP npm packages, other dev tools

The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Security Boulevard

Local Guardrails for Secrets Security in the Age of AI Coding Assistants

Modern developer environments expose sensitive context across files, prompts, logs, and commands. Learn how layered local ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...
Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

TestMu AI Launches Kane CLI, the New Browser Automation Tool Built for AI Agents and Developers

India], April 29: TestMu AI (formerly LambdaTest), the world's first full-stack Agentic Quality Engineering platform, today announced the launch of Kane CLI, a new browser automation tool that runs ...