For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Microsoft debuts Surface RTX Spark Dev Box to run large AI models without cloud costs

Microsoft’s new Surface RTX Spark Dev Box packs Nvidia Blackwell AI power and 128GB of unified memory to run large AI models ...
eWeekOpinion

Anthropic Hits the Self-Coding Panic Button

To stop this from spiraling, Anthropic calls for a verifiable, industry-wide pause—a kind of AI arms-control treaty—because ...
The Business Times

Anthropic looks to set up shop in Singapore, fill roles from finance to product support

[SINGAPORE] Anthropic, the San Francisco-based research firm behind the popular artificial intelligence tool Claude, is ...
Lablab.ai

AI Hackathon Success Stories (Part 2): Seven Builders Who Won Hackathons by Making AI Agents Safer

AI hackathon success stories: seven builders who won by making autonomous AI agents safer. OlympusOS, Deals Machine, Kraken ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
The Hacker News

âš¡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
The Next Web

One click on GitHub.dev is all it takes to hand over your private repositories

A VS Code vulnerability in GitHub.dev lets attackers steal full GitHub OAuth tokens via a single malicious link, exposing all private repositories.
The Next Web

A popular OpenAI Codex tool with 29,000 weekly downloads has been quietly stealing developer tokens for a month

The codexui-android npm package silently exfiltrated OpenAI Codex auth tokens to an attacker server for a month, affecting 29,000 weekly downloads.