AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at runtime.

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
TechCrunch

Claude Code rolls out a voice mode capability

Anthropic is bringing Voice Mode to Claude Code, the company’s AI coding assistant for developers. The launch of voice mode marks a significant step toward more hands-free, conversational coding ...
ZDNet

This new Claude Code Review tool uses AI agents to check your pull requests for bugs - here's how

Anthropic launches AI agents to review developer pull requests. Internal tests tripled meaningful code review feedback. Automated reviews may catch critical bugs humans miss. Anthropic today announced ...