VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
dbta

Sonar Ushers in Support for Third-Party, Open Source Code Analysis and Security

Sonar, the leading provider of integrated code quality and code security solutions, is unveiling SonarQube Advanced Security, a significant advancement in code security which will soon be available.
Hosted on MSN

Anthropic's AI coding tool leaks its own source code for the second time in a year

Anthropic, the American artificial intelligence company behind the Claude family of AI models, has once again inadvertently exposed the complete source code of its AI coding tool, Claude Code, through ...
PC World

Anthropic leaked its own Claude Code source code by mistake

PCWorld reports that Anthropic accidentally leaked over 500,000 lines of source code for its AI coding tool Claude Code due to a misconfigured .map file in its npm package. The leak revealed ...
InfoWorld

Anthropic employee error exposes Claude Code source

A version of the AI coding tool in Anthropic's npm registry included a source map file, which leads to the full proprietary source code. An Anthropic employee accidentally exposed the entire ...