Device code phishing attacks surge 37x as new kits spread online

Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year.

A 4 a.m. scramble turned Anthropic's leak into a 'workflow revelation'

Sigrid Jin woke up to chaos and shipped "Claw Code" by breakfast. Here's everything it taught the world.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

New EvilTokens service fuels Microsoft device code phishing attacks

A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft ...
SDxCentral

Google Vertex agentic flaw latest chink in hyperscale AI armor

The stolen credentials also granted access to the Google Cloud storage buckets within the tenant project in which a Vertex ...
InfoWorld

PEP 816: How Python is getting serious about Wasm

Another big drawback: Any modules not written in pure Python can’t run in Wasm unless a Wasm-specific version of that module ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
GitHub

SAP Skills for Claude Code

Production-ready Claude Code plugins for SAP development. Each plugin provides context-aware skills that activate automatically when you work with SAP BTP, CAP, Fiori, ABAP, Analytics, and more. Note: ...
GitHub

A minimal, secure Python interpreter written in Rust for use by AI.

Experimental - This project is still in development, and not ready for the prime time. A minimal, secure Python interpreter written in Rust for use by AI. Monty avoids the cost, latency, complexity ...