LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan ...

Anthropic accidentally exposed Claude Code source, raising security concerns

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...
MIT Technology Review

The Download: gig workers training humanoids, and better AI benchmarks

Zeus is a data recorder for Micro1, which sells the data he collects to robotics firms. As these companies race to build ...
IBL News

Claude Code's Software Accidentally Leaked Via a Map File

New York Anthropic accidentally leaked to the public part of its Claude Code, its agentic AI, yesterday. A 59.8 MB JavaScript ...

Claude Code unintentionally open source: Source map reveals all

The source code of Anthropic's CLI tool Claude Code was accidentally made publicly accessible via a source map in the npm ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Supply chain attack hits 100 million-download Axios npm package

�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest [email protected] now pulls ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.