JFrog says six malicious npm packages used hidden install-time execution, JSONKeeper fetches, and sandbox checks to enable remote access.
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
Alibaba will bar staff from using Anthropic's Claude Code from July 10 over an alleged backdoor, a source says, amid a wider Claude-Qwen dispute.
ThreatsDay Bulletin covers this week’s cyber threats, from phishing and ransomware to exposed AI systems, sandbox flaws, and ...