Claude Code's source code appears to have leaked: here's what we know

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...
Microsoft

WhatsApp malware campaign delivers VBS payloads and MSI backdoors

A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

NFL’s last foray into replacement refs featured blown calls, rule mixups and the Fail Mary

The NFL’s last foray into replacement officials ended in embarrassment for the league when a botched call and comic confusion ...

Bullet that killed Charlie Kirk ‘doesn’t match rifle’ found with assassin suspect Tyler Robinson

Tyler Robinson faces the death penalty for his alleged role in shooting the Conservative icon as he spoke at Utah University.

This App Makes Even the Sketchiest PDF or Word Doc Safe to Open

When somebody sends you a document as an attachment, don't just open it. Use the free tool Dangerzone to scrub it clean of ...

How early porn exposure is impacting young men | The Excerpt

Early porn exposure among boys is rising. And experts say it leads to lasting struggles with addiction, mental health and ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through malicious npm releases. Security researchers from StepSecurity identified ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.