The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
Cryptopolitan

Crypto wallets targeted in SAP-linked npm supply-chain attack

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...
Morning Overview on MSN

GitHub’s critical flaw let anyone with push access execute code on servers holding millions of private repos

A single git push command. That is all it would have taken for someone with write access to a repository on GitHub Enterprise ...
Security Boulevard

Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A researcher has disclosed the details of a prompt injection attack method named ‘Comment and Control’, which has been found to work against several popular AI code security and automation tools. The ...
GitHub

Claude Ads: Paid Advertising Audit Skill for Claude Code

Auto-detects business type from ad account signals (product feeds, conversion events, platform mix, targeting patterns) and loads industry-specific benchmarks and templates. 25 built-in reference ...
GitHub

litellm-pypi-supply-chain-attack.md

summary On March 24, 2026, LiteLLM versions 1.82.7 and 1.82.8 on PyPI were backdoored by TeamPCP using stolen CI/CD credentials. The malware harvested SSH keys, cloud credentials, API keys, and crypto ...