Microsoft

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...
SecurityWeek

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
洗護用品和肥皂

Germany: CSO publication shows impact & practical examples from the implementation of the German Supply Chain Act

"The impact of due diligence legislation – Practical examples from the implementation of the German Supply Chain Act", 9 February 2026 Three years after the German Supply Chain Due Diligence Act (LkSG ...
The Hacker News

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

January 5, 2026, Seattle, USA — ZAST.AI announced the completion of a $6 million Pre-A funding round. This investment came from the well-known investment firm Hillhouse Capital, bringing ZAST.AI's ...
GitHub

The most comprehensive toolkit for Claude Code -- 135 agents, 35 curated skills (+15,000 via SkillKit), 42 commands, 121 plugins, 19 hooks, 15 rules, 7 templates, 6 MCP configs ...

One hundred twenty-one production-ready plugins that extend Claude Code with domain-specific capabilities.
GitHub

Claude Code Skills & Agents Factory

claude-code-skills-factory/ ├── README.md # This file ├── CLAUDE.md # Repository guidance ├── AGENTS.md # Codex CLI documentation (auto-generated) ├── CHANGELOG.md # Version history ├── .claude/ │ ├── ...