Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Visual Studio Magazine

Special Embrace? VS Code Adapts to Claude Code's Ecosystem

Reflecting a broader trend of Microsoft embracing Claude AI, recent VS Code updates show the company accommodating Claude Code beyond model selection, with support for Claude-specific instruction ...
OSTechNix

Google Chrome Silently Installs a 4GB AI Model on PC Without User Consent

Google Chrome silently installs a 4GB AI Model on desktop systems without user consent. Learn how to find and delete it to ...