Two malicious versions of the axios HTTP client library, axios@1.14.1 and axios@0.30.4, were published to npm using compromised credentials of a lead maintainer. The attacker altered the maintainer's email to a ProtonMail address and manually published the malicious packages, which included a remote access Trojan.

The Xbox One has been successfully hacked using a boot ROM exploit known as Bliss. For over a decade, the console was considered highly secure compared to other gaming systems.

Claude Code Security is a new capability in Claude Code that scans codebases for security vulnerabilities and suggests targeted software patches for human review. It aims to assist security teams in addressing the overwhelming number of software vulnerabilities.

1Password has open-sourced a benchmark called the Security Comprehension and Awareness Measure (SCAM) to address the risk of AI agents leaking credentials. SCAM evaluates the ability of AI models to identify phishing threats while operating as autonomous agents with access to sensitive tools.

A new malware campaign is delivering AMOS (alias SOMA) stealers to Macs through forged Apple-like websites linked from docs.google.com and business.google.com. Malicious scripts are also being found in articles posted on Medium.

Anthropic's newest AI model, Claude Opus 4.6, has identified over 500 previously unknown high-severity security flaws in open-source libraries with minimal prompting. This advancement demonstrates the potential of AI tools to enhance cybersecurity defenses.

Claude Opus 4.6 features significant advancements in AI models' cybersecurity capabilities. Experts believe the current moment is critical for accelerating the defensive use of AI in response to the increasing risk of LLM-discovered zero-day vulnerabilities.

OpenClaw's agent skills provide extensive access to files, tools, browsers, and terminals, creating potential vulnerabilities. The system's long-term memory feature can capture user behavior, increasing the risk of exploitation.

On February 2, 2026, Notepad++ developers reported a compromise of their update infrastructure due to a hosting provider incident between June and September 2025. Attackers maintained access to internal services until December 2025, leading to multiple execution chains and payloads.

Moltbook, a social network for AI agents, had a significant security vulnerability that exposed private messages and email addresses of over 6,000 users. Cybersecurity firm Wiz reported that the flaw allowed unauthorized access to sensitive data shared between AI agents.