New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Anthropic sues to block Pentagon’s supply-chain risk designation

AI startup was blacklisted after refusing to allow its technology to be used for autonomous weapons or domestic surveillance ...

What to know about Defense Protection Act and the Pentagon’s Anthropic ultimatum

Defense Secretary Pete Hegseth gave Anthropic an ultimatum this week: Open its artificial intelligence technology for unrestricted military use by Friday, or risk losing its government contract.
insurancebusinessmag

Scope 3 in the claims supply chain is insurers’ ‘massive blind spot,’ says expert

When Canada’s prudential regulator, OFSI, released Guideline B 15 on climate risk, much of the industry conversation centred on governance, disclosure templates and model risk. But behind the ...