The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Dark Reading

TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

TeamPCP is weaponizing the fruits of its extensive supply chain attacks, using stolen credentials to access cloud and software-as-a-service (SaaS) environments. The threat group this month compromised ...
SDxCentral

Cisco source code breach leaks AI projects and AWS credentials

Cisco source code including AI codebases were exposed in a more modern type of cybersecurity breach against the network vendor. According to Bleeding Computer, Cisco’s development environment was ...