InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Microsoft’s open source tools were hacked to steal passwords of AI developers

According to security firm Cloudsmith and community-driven malware analysis site OpenSourceMalware, which were some of the ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
Morning Overview on MSN

OpenAI asks all macOS users to update immediately after the TanStack attack forced the company to rotate its code-signing certificates

OpenAI is telling every Mac user running its ChatGPT or Codex desktop app to update right now. The urgency traces back to a supply-chain attack on a popular open-source JavaScript toolkit called ...
thetechedvocate.org

North Korean Hackers Exploit Axios NPM Package in Major Supply Chain Attack

The attack has raised significant concerns about the security of open-source software repositories, particularly those that house libraries and packages relied upon by millions of applications ...
Yahoo Finance

Azul Shows That Mean Time to Exploit Java Vulnerabilities Drops to Five Days

The above button links to Coinbase. Yahoo Finance is not a broker-dealer or investment adviser and does not offer securities or cryptocurrencies for sale or facilitate trading. Coinbase pays us for ...
IT News For Australia Business

Apple patches 'Coruna' exploit

Apple has backported patches for iOS 15 and 16 devices just this week, with iOS 15.8.7 and iOS 16.7.15 released to address the kernel and WebKit vulnerabilities associated with Coruna for devices that ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
financefeeds

Noord-Koreaanse hackers gebruik NPM-pakkette om kripto-beursies te dreineer en sensitiewe inligting te oes.

Noord-Koreaanse staatsgeborgde kuberkrakers have stepped up their cyberattacks, using the open-source NPM ecosystem to spread harmful packages. The “Contagious Interview” operation is behind these ...