A flaw in Anthropic's Claude for Chrome browser extension could allow a malicious extension to trigger predefined AI actions ...
Stolen and leaked credentials lead to Node.js packages from AsyncAPI and Jscrambler Code Integrity being poisoned with ...
Threat actors compromised AsyncAPI packages and weaponized trusted CI/CD workflows to distribute malware through npm. This ...
Cursor AI code editor faces unpatched vulnerability enabling code execution, adding to a string of critical RCE flaws ...
Ostium DEX drained $18M USDC via compromised oracle key on Arbitrum. Attacker used future-dated prices to loop profitable trades and empty vault. Major RWA perp protocol hit despite $27.8M funding ...
A popular artificial intelligence (AI) coding tool can be exploited in just two clicks, allowing attackers to install permission-rich model context protocol (MCP) servers on privileged developers' ...
Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that ...
A hacker used Ostium's own price-reporting infrastructure against the protocol, submitting falsified future-dated oracle data to manufacture fake trading profits and trigger an $18 million payout.
Two vulnerabilities found in Anthropic’s Claude for Chrome extension remain exploitable months after they were reported to ...