SUPPLY-CHAIN-SECURITY

30 days · UTC

LIVE_DATA_STREAM // APRIL_14_2026

ANTHROPIC
APR_02 // 06:22

Anthropic’s Claude Code source leaked via npm sourcemap; roadmap-level agent features exposed

Anthropic accidentally shipped a Claude Code npm update that exposed its source, revealing always-on agent plans and internal scaffolding. A packagin...

CLAUDE
MAR_27 // 07:39

AI agents hit by real supply‑chain and tool‑use RCE warnings; lock down MCP and doc feeds now

AI coding agents faced fresh, concrete security hits this week across supply chain and tool-use layers, while one vendor shipped new runtime guardrail...

PYPI
MAR_26 // 07:25

LiteLLM PyPI compromise exfiltrated cloud and CI/CD secrets; pin and rotate now

The popular LiteLLM PyPI package was briefly compromised, exfiltrating cloud and CI/CD secrets with links to a broader Trivy supply‑chain attack. PyP...

PYPI
MAR_25 // 07:31

LiteLLM PyPI compromise shows why to turn on dependency cooldowns now

A malicious LiteLLM 1.82.7/1.82.8 PyPI release briefly stole developer creds on install, highlighting the value of package “cooldown” age gates. Simo...

NVIDIA
MAR_17 // 13:09

Nvidia’s “OpenClaw” push blurs robotics, GPU security, and edge AI—teams need an attestation plan

Nvidia is expanding OpenClaw across robotics and GPU security while vendors preinstall it on edge boxes, forcing teams to tighten attestation and hard...

OPEN-VSX
MAR_16 // 17:52

GlassWorm hits Open VSX while AI agents go rogue: lock down your dev stack and production guardrails

A new Open VSX supply‑chain attack and real AI‑agent mishaps highlight gaps in developer tooling and runtime governance. Socket found at least 72 mal...
