InfoWorld

Anthropic employee error exposes Claude Code source

A version of the AI coding tool in Anthropic's npm registry included a source map file, which leads to the full proprietary ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
InfoWorld

Visual Studio Code previews chat customizations editor

Just-released Version 1.113 of Microsoft’s Visual Studio Code editor emphasizes improvements ranging from chat customizations to support for MCP (Model Context Protocol) in Copilot CLI and Claude ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and ...
The Hacker News

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
Security Boulevard

Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
The Next Web

LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...
Visual Studio Magazine

Hands On with OpenClaw Node for VS Code: Real Workflow, Real Friction

OpenClaw's Node for VS Code extension proved it can support a real local file-based workflow, but on Windows the experience still feels more like early infrastructure than finished tooling.