Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The attack demonstrates that malware can achieve persistent re-execution through Claude Code and VS Code configuration files that survive package cleanup, and that a single compromised developer credential is sufficient to poison a trusted vendor's entire build pipeline and propagate the worm automatically to new packages.
Security and AI practitioners must account for a new class of adaptive malware that bypasses both traditional patch-based defenses and centralized AI safety controls by running open-weight models on compromised infrastructure at zero marginal cost to the attacker.