CSO Online

Claude Code has an MCP security problem — and your developers are already using it

The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...
VentureBeat

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

On May 19, 633 malicious npm package versions passed Sigstore provenance verification. They were cleared by the system because the attacker had generated valid signing certificates from a compromised ...
Bleeping Computer

VSCode extensions with 9 million installs pulled over security risks

Microsoft has removed two popular VSCode extensions, 'Material Theme – Free' and 'Material Theme Icons – Free,' from the Visual Studio Marketplace for allegedly containing malicious code. The two ...
SiliconANGLE

Sonar expands SonarQube with advanced security for third-party open-source code

Code quality testing startup SonarSource SA today announced the upcoming release of SonarQube Advanced Security, a new offering that will extend the company’s analysis capabilities beyond first-party ...