Latest news as of 5/20/2026, 9:44:47 PM
The Hacker News
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers. "It scans codebases for security vulnerabilities and suggests targeted
Graham Cluley
Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the Hot for Security blog.
The Register
About 100 customers affected PayPal has notified about 100 customers that their personal information was exposed online during a code change gone awry, and in a few of these cases, people saw unauthorized transactions on their accounts.…
Dark Reading
Researchers say threat actors wielded the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.
The Register
4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd that secretly installed OpenClaw on developers' machines without their knowledge. … supply chain attack
Krebs on Security
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.
Dark Reading
Microsoft Copilot recently summarized and leaked user emails; but any AI agent will go above and beyond to complete assigned tasks, even breaking through their carefully designed guardrails.
Bleeping Computer
Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data. [...]
The Register
What happens in Vegas… Las Vegas hotel and casino giant Wynn Resorts appears to be the latest victim of data-grabbing and extortion gang ShinyHunters.…
Dark Reading
After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities.