A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at ...
Kaspersky warns of malvertising campaign abusing Claude Code Fake download sites deliver Amatera infostealer on Windows, AMOS on macOS Developers risk exposing source code, corporate data, and ...
Security researchers have found a way to hijack AI coding agents with nothing but a fake bug report. They call it Agentjacking. It needs no malware, no stolen password, and no breach of the target.
Cutting corners: The code looked harmless. A GitHub repository, a small freelance task, and a standard request sent over LinkedIn to a blockchain engineer: run this snippet, fix a few bugs, get paid.
Fake Claude Code install sites are pushing malware that steals API keys, developer credentials, crypto wallets, and other sensitive data. Developers searching for Claude Code installation instructions ...
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading ...
A likely North Korean threat actor has phished software developers at almost 100 organizations with fake job and code-review lures to steal cryptocurrency and credentials. According to new analysis ...