Dark ReadingOpinion

Source Code Leaks Highlight Lack of Supply Chain Oversight

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

Claude Code leak used to push infostealer malware on GitHub

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...

H33 Launches HICS for Free: The First Trust-less Software Scoring Tool with Post Quantum Cryptographic Proof

Free cryptographically verified code quality scoring for software procurement. The best software wins. Not the best ...
WinBuzzer

Anthropic Leaks Claude Code Source via Npm Source Map

Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...

Bubble AI app builder abused to steal Microsoft account credentials

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...
today.ucsd

A UC San Diego Tool Teaching Code to 25 Million is Even More Critical in Age of AI

Philip Guo’s research-driven Python Tutor has powered hundreds of millions of code visualizations since 2010 — and new long-term impact recognition highlights why it still matters today When ...
Forbes

5 Tools You Can Vibe Code For Your Business In Under An Hour

Claude Code empowers business owners to build sophisticated digital assets like selling homepages, custom dashboards, client portals, and targeted landing pages without coding or hiring agencies. This ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...