Anthropic Removes Hidden Data Marker from Claude Code After Researcher Discovery

An independent researcher discovered a function in Claude Code's JavaScript bundle that covertly encoded user time zone data, prompting Anthropic to remove the feature and call it an experiment.

The Latest

Breaking News and Alerts

OpenSSH 10.4 Patches Memory Exhaustion and Host Key Flaw

The new release closes a remote memory exhaustion attack vector and adds experimental post quantum signature support while breaking some automation scripts with configuration output changes.

Spotlight

Cybersecurity Profiles and Stories

Fake Clipboard Manager Targets macOS Users with Stealthy Data Theft

PamStealer uses a Rust based binary and native macOS APIs to evade detection while stealing passwords, clipboard data, and browser credentials.

Linux Kernel Bug Grants Root Privileges on Servers and Android Phones

The CVE-2026-46242 kernel flaw exploits a race condition and use-after-free in the epoll subsystem, affecting everything from cloud servers to Android smartphones.

New Malware Technique Hides Inside AI Coding Assistant Plugins

Researchers found that modified malware placed inside AI coding assistant plugins bypassed eight major security scanners more than 80 percent of the time.

TrojPix Exfiltrates Data from Air-Gapped Machines via Video Cable Emissions

A novel exfiltration method leverages imperceptible pixel modulation in video cables to transmit data via radio emissions, achieving speeds far beyond typical air-gap covert channels.

Features

Research and Thought Leadership