The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
PCMag

Anthropic Rolls Out Autonomous Vulnerability-Hunting AI Tool for Claude Code

The new tool, now testing as part of Claude Code, can scan codebases for security vulnerabilities and suggest targeted ...
GitHub

Claude Code Skills & Agents Factory

claude-code-skills-factory/ ├── README.md # This file ├── CLAUDE.md # Repository guidance ├── AGENTS.md # Codex CLI documentation (auto-generated) ├── CHANGELOG.md # Version history ├── .claude/ │ ├── ...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...
IEEE

MALPRE: Malware Protocol Reverse Engineering through Code Slicing and Agentic Workflow

Abstract: Clarifying malware communication protocols is critical for enhancing system security. Existing protocol reverse engineering (PRE) methods lack effective strategies, failing to recover ...
CSOonline

AI-powered polymorphic attack lures victims to phishing webpages

AI-fueled attacks can transform an innocuous webpage into a customed phishing page. The attacks, revealed in a research from Palo Alto Networks’ Unit 42, are clever in how they combine various ...