Security news aggregator

Latest coverage for Malicious Code

Malicious Code covers malware analysis, reported incidents, infrastructure, disruption efforts, and defensive guidance to reduce cyber risk.

90 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Malicious code is software, a script, or an altered program intended to perform unauthorized or harmful actions on a device or network. The term includes malware such as viruses, worms, trojans, spyware, and ransomware, as well as harmful macros or commands. Depending on its function, it may exploit a software weakness, execute with a user’s permissions, disrupt availability, or modify, destroy, or collect data.

Security teams should treat malicious code as both a prevention and detection concern: keep operating systems and applications patched, restrict unnecessary scripting and privileges, and use endpoint controls that identify unusual execution or persistence. Network and host telemetry can support investigation, while isolation and recovery from known-good backups can limit damage after execution. Analysis of samples and indicators can also guide threat intelligence and vulnerability-management priorities, but suspected code should be handled carefully to avoid executing it on production systems or exposing collected data.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 90 Filtered view

A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the action itself and onto the projects downstream that pull it

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

The Hacker News 2 months, 2 weeks ago

2026: The Year of AI-Assisted Attacks

On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft

Loading more headlines...