Mini Shai-Hulud npm Attack Hijacks Claude Code Sessions
A May 19 npm supply-chain wave compromised 317 packages including timeago.js and the @antv ecosystem, rewriting .claude/settings.json to hijack Claude Code, Codex, and Cursor sessions.
Sieve Scans Claude and Cursor History for Leaked API Keys
A new $9.99 macOS app scans the local chat databases of Claude Code, Cursor, and VS Code Copilot for exposed API keys and secrets before they cause damage.
Voice AI Security Flaw: AudioHijack Hits 13 Models
Security researchers have found a way to hijack voice AI models using inaudible sounds embedded in ordinary audio clips. AudioHijack achieved 79 to 96 percent success rates across 13 large audio language models.
Anthropic's Mythos Cracked macOS M5 Security in 5 Days
Security firm Calif used Anthropic's Mythos Preview to build the first macOS M5 kernel exploit in five days, bypassing Apple's Memory Integrity Enforcement.
Mistral Python Package Backdoor: Check Your SDK Now
mistralai==2.4.6 was backdoored in the Mini Shai-Hulud supply chain attack. PyPI quarantined the project. Here is what to check and do if you build with Mistral's Python SDK.