Public Leak of “DarkSword” Exploit Kit Puts Millions of iPhones in the Crosshairs

A report has confirmed that a highly sophisticated, full-chain exploit kit internally known as DarkSword has been publicly ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.

Anthropic unchains Claude Code with auto mode, allowing it to choose its own permissions

Anthropic PBC is taking the leash off its popular artificial intelligence coding tool Claude Code, introducing a new feature ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...