Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Droid Guy

I Spent 24 Hours Benchmarking GPT-5.5 Against Claude Opus 4.7 — Here Is What Actually Happened

Within hours I paused an ongoing Opus 4.7 benchmark, swapped the API keys, and ran the exact same methodology on ...