Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Microsoft says Storm-2949 targets Microsoft 365 and Azure environments using MFA abuse, password resets, and cloud data theft ...

Anthropic acquired Stainless, the SDK toolmaker behind OpenAI and Google, then shut the hosted products down for rivals. Inside the agentic AI infrastructure play.

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

The deal gives Anthropic tighter control over how developers connect Claude to software and business systems as AI vendors ...

Storm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft ...

When (and why) does AI coding flip from promising to a security nightmare? Let's look under the coding hood.

Stolen credentials produced valid Sigstore certificates, clearing 633 malicious npm packages — one of seven developer tool ...

Anthropic has completed the acquisition of the developer tools startup Stainless, bringing a widely used software platform in ...