News
AI-Powered GitHub Bot Quietly Targeted 500+ Repositories for Three Weeks Before Anyone Noticed
2+ hour, 26+ min ago (346+ words) Follow Cyber Kendra on Google News! | WhatsApp | Telegram A threat actor armed with AI-assisted automation spent three weeks silently probing open-source repositories before security researchers caught on, and by then, the damage was already done. Wiz Research published findings this…...
Anthropic's Claude Code source code exposed via npm package
6+ day, 2+ hour ago (521+ words) A 59.8 MB JavaScript source map file (a debugging artifact that translates compressed, minified code back into readable source) was accidentally bundled into version 2.1.88 of the @anthropic-ai/claude-code package on the public npm…...
Axios Hack Alert: Malicious npm Versions Drop RAT on macOS, Windows, and Linux
6+ day, 15+ hour ago (319+ words) Developers relying on axios, the JavaScript HTTP client installed over 300 million times weekly, woke up Tuesday to a nightmare scenario: two versions of the package had been quietly weaponised to install a…...
Apple's Swift Programming Language Now Officially Builds Android Apps
1+ week, 1+ day ago (250+ words) After roughly a year of groundwork, Apple's Swift programming language has crossed what was once considered an uncrossable line: it now officially supports Android development. The Swift 6.3 release, shipped earlier this month,…...
Hackers Could Hijack Your Machine Just by Sharing a Git Repo — Claude Code Users Were at Risk
1+ mon, 1+ week ago (293+ words) Developers who use Anthropic's Claude Code to write software with AI assistance were sitting on a serious security blind spot: cloning the wrong Git repository could have handed an attacker complete control…...
Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication
1+ mon, 3+ week ago (275+ words) "Zero-knowledge proofs can't fix what they can't see," the researchers write in their disclosure. "Our analysis shows that real-world ZK authorisation systems are only as secure as the authentication infrastructure they're built…...
Two Missing Characters Nearly Compromised Every AWS Account Worldwide
2+ mon, 3+ week ago (376+ words) Security researchers at Wiz have exposed a hair-raising vulnerability that could have given attackers complete control over the AWS JavaScript SDK, the cornerstone library powering the AWS Console and two-thirds of all cloud…...
Node.js Patches Critical Flaws That Could Expose Secrets from Uninitialized Memory
2+ mon, 3+ week ago (218+ words) Node.js developers need to patch immediately. The project released emergency updates across all active versions (20.x through 25.x) on Tuesday, addressing eight security flaws, three rated high severity, that could expose sensitive data or…...
MongoDB's No-Login Memory Leak Exposes Years of Database Deployments
3+ mon, 1+ week ago (307+ words) MongoDB has rushed patches for a high-severity vulnerability that transforms the database giant's compression feature into an open door for memory thieves. The flaw, designated CVE-2025-14847, allows attackers to pilfer sensitive data straight…...