The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain ...
This blogpost covers newly discovered activities attributed to FrostyNeighbor, targeting governmental organizations in Ukraine. FrostyNeighbor has been running continual cyberoperations, changing and ...
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all ...
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other ...
This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
India is a vast nation with 28 states and at least 718 districts. In order to identify regions, the Indian postal department has allotted a unique code known as Pin Code to each district/village/town to ...
Abstract: We examine validation of computational electromagnetic (CEM) codes through the lens of the Electromagnetic Code Consortium (EMCC), a group of U.S. government and associated CEM practitioners ...
The patterns Claude Code, Cursor, Codex, and OpenCode leave behind: narrative comments above self-explanatory code, swallowed exceptions, as any casts, hallucinated imports, duplicated helpers, dead ...
pinact-action is a GitHub Action that pins GitHub Actions and reusable workflows using pinact. By default this action discovers .github/workflows/*.{yml,yaml} and (*/){0,3 ...
Microsoft has identified an active supply chain attack targeting the npm package ecosystem. On May 28, 2026, a single threat actor operating under the newly created maintainer alias vpmdhaj (a39155771 ...
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, ...