Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

Koi security researchers found that when NPM installs a dependency from a Git repository, configuration files such as a ...
Security Boulevard

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the ...
The Hacker News

Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code

Security researchers found two AI-branded VS Code extensions with 1.5M installs that covertly send source code and files to ...
CPO Magazine

Hackers Are Auctioning 860GB of Source Code Stolen From Target’s Development Server

Hackers have listed 860GB of private source code and assets stolen from Target’s Gitea self-hosted software development ...
Security BoulevardOpinion

Clawdbot Is What Happens When AI Gets Root Access: A Security Expert’s Take on Silicon Valley’s Hottest AI Agent

Clawdbot is the viral AI assistant everyone's installing—but giving AI agents full system access raises critical security ...
India Today on MSN

Clawdbot is latest AI sensation in Silicon Valley, makes Mac Mini shoot up: Full story in 5 points

If you look at the tech Twitter (aka X) today, you will come across a sensation called Clawdbot. The new AI tool is the latest buzzword in Silicon Valley and it has even made the sale of Apple Mac ...
The Hacker News

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Weekly cybersecurity recap covering emerging threats, fast-moving attacks, critical flaws, and key security developments you ...