New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

YubiKey Manager: Security vulnerability allows execution of injected code

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Hosted on MSN

AI and Xbox unveil tools to reshape creative workflows

Anthropic has launched AI connectors integrating Claude with major creative and design platforms, while Xbox introduced its Game Package Manager to simplify game publishing. These updates promise to ...

What most LLM apps get wrong about security

When Nandakishore Leburu was building LLM applications at LinkedIn, he learned that the models weren't the problem. The security around them was. He's now a Principal Engineer at Walmart, working on ...
HealthcareInfoSecurity

Socket Buys Secure Annex to Expand Supply-Chain Visibility

Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and ...
How-To Geek on MSN

3 powerful Linux apps to try this weekend (May 1st–3rd)

Linux apps so good, you'll wonder why you ever clicked anything else.
OMG! Ubuntu

Linux App Release Roundup (April 2026)

April 2026 has been and gone, but not before delivering an array of Linux software updates, including new versions of popular ...