Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
Morning Overview on MSN

Researchers warn of Vertex AI agent flaw that could expose cloud data and code

Security researchers have identified a vulnerability in Google’s Vertex AI agent framework that could allow attackers to ...
Dark Reading

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection

Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. It paves the way for code execution and other cyberattacks on targeted endpoints. The ...
Hosted on MSN

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last ...
CRN

ConnectWise ScreenConnect Vulnerability Exploited: CISA

The ConnectWise ScreenConnect vulnerability, which earlier this year was identified as a potential way for threat actors to perform ViewState code injection attacks, is now being exploited, according ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Security

Cybersecurity Awareness Month: How to mitigate an SQL Injection Attack

In response to this, the application security SaaS company Indusface has detailed the potential financial impact of SQL Injection attacks on businesses. Additionally, they offer best practices to help ...