Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
DataBreachToday

Malicious Repo Files Could Hijack Claude Code Sessions

Check Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands ...

From 'Shift Left' To 'Shift Smart': Why AI Agents Will Replace Static Analysis

In 2026 and beyond, organizations need to strengthen their shift-left strategy by embracing a new strategy: "shift smart." ...
Security Boulevard

Shifting Security Left for AI Agents: Enforcing AI-Generated Code Security with GitGuardian MCP

In this article, we will explore the hot topic of securing AI-generated code and demonstrate a technical approach to shifting ...

Anthropic's Claude Code Security is available now after finding 500+ vulnerabilities: how security leaders should respond

Anthropic's Claude Opus 4.6 surfaced 500+ high-severity vulnerabilities that survived decades of expert review. Fifteen days later, they shipped Claude Code Security. Here's what reasoning-based ...

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team has discovered a coordinated campaign targeting software developers through malicious repositories posing as legitimate Next.js projects and technical assessment materials, ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
CSO Online

How to make LLMs a defensive advantage without creating a new attack surface

LLMs can supercharge your SOC, but if you don’t fence them in, they’ll open a brand-new attack surface while attackers scale faster.
Visual Studio Magazine

In Agentic AI, It's All About the Markdown

Markdown is emerging in VS Code and Visual Studio 2026 as a version-controlled instruction layer that governs AI agents, ...

ASD releases Azul open-source malware analysis tool

Sample files for Azul are kept in a Simple Storage Service (S3) compatible binary large object (blob) store, and processed ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Anthropic Vs. IBM: AI Starts To Threaten Businesses (Rating Downgrade)

International Business Machines Corporation stock plunges; downgrade IBM to Hold as Anthropic's Claude Code threatens ...