Security Boulevard

Anthropic Claude Code Leak

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...
PCMag on MSN

Anthropic issues copyright takedowns to scrub Claude code leak

Anthropic is trying to remove details about its coding agent from GitHub, but programmers are converting the code into ...
Cybernews

Researchers find hundreds of exposed API keys providing access to AWS, GitHub, Stripe, and ...

The exposed keys belonged to major service providers such as AWS, Stripe, and GitHub, and the potential damage ranged from ...
WinBuzzer

Claude Code Bug May Destroy Uncommitted Work Every 10 Minutes

Anthropic's Claude Code CLI has been found silently running git reset --hard every 10 minutes, destroying uncommitted changes ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across ...

GitHub Store 1.7.0: Updates without click, security without root

Automatic updates, silent install, app-repo linking and signature verification: GitHub Store becomes a power-user tool with ...

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should ...

Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...
WinBuzzer

Trivy Breached Twice in a Month via GitHub Actions

Attackers have hijacked 75 of 76 GitHub Actions tags for Aqua Security's Trivy scanner, distributing credential-stealing ...
Bleeping Computer

Betterleaks, a new open-source secrets scanner to replace Gitleaks

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. Secret scanners are specialized utilities that ...

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...