Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
The attack demonstrates that malware can achieve persistent re-execution through Claude Code and VS Code configuration files that survive package cleanup, and that a single compromised developer credential is sufficient to poison a trusted vendor's entire build pipeline and propagate the worm automatically to new packages.
Developers and site owners relying on third-party WordPress plugins should audit their installed plugins for recent ownership changes, as legitimate acquisition — not just bad code — is now a proven attack vector for supply chain compromise.