CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

The GitHub hack shows how one poisoned VS Code extension gave attackers access to 3,800 internal repositories. If you rely on third-party developer tools, this breach is a warning to audit your ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Hackaday

After The Dust Settles: Building Pebble Apps

For a piece of wearable technology, Pebble has had a fairly “rocky” history. One of the most successful Kickstarters of its ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

Should You Hijack a Corporate AI Chatbot for Free Tokens?

A developer went viral for reconfiguring Chipotle’s customer support bot into a coding assistant, and providing the playbook ...

GitHub confirms 'hacking' attack; says: We detected and contained a compromise of an employee device involving a poisoned ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved unauthorized access to internal repositories via a compromised employee device ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

Google Makes Bombshell Claim That Hackers Used AI to Create Zero-Day Flaw in Their System

Google said it disrupted what it described as the first known cyberattack in which hackers used artificial intelligence to find and build an exploit for a previously unknown software flaw ...
The Brief India on MSN

CJP protester claims EVMs run on Python, experts call it technically incorrect

A claim made during the June 6 CJP protest at Delhi's Jantar Mantar has gone viral after a speaker identifying himself as an IT expert alleged that India's Electronic Voting Machines (EVMs) run on ...

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. is a news writer covering all things consumer tech. Stevie started out ...