SecurityWeek

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...
Cyber Daily

The industry speaks – part 2: World Password Day 2026

However, the biggest human element threat in 2026 isn’t just password reuse – it’s the accidental insider threat created by ...
The Hacker News

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP’s Mini Shai-Hulud campaign used hijacked GitHub OIDC tokens to spread a credential-stealing worm through TanStack npm ...
Decrypt

Fake OpenAI Repo Hit #1 on Hugging Face—And Stole Passwords While It Trended

A fake repo impersonating the OpenAI Privacy Filter model racked up 244,000 downloads in under 18 hours before Hugging Face ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.
Decrypt

Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google

Cybercriminals used an AI model to find and weaponize a previously unknown software flaw, Google's threat team confirmed ...
Infosecurity Magazine

Fake Claude Code Page Pushes PowerShell Stealer at Devs

The helper's sole function is to invoke the browser's IElevator2 COM interface, introduced in Chrome 144, to recover the ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.
Hosted on MSN

White House app found with hidden GPS tracking, weak security

A security researcher’s decompilation of the White House’s official mobile app uncovered hidden GPS tracking, insecure code ...

Online archives of over 20 years of tech reporting | The Register

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...
Hosted on MSN

New Roblox script guides spark safety and ban concerns

Recent guides for using scripts in popular Roblox games are drawing attention to the risks of account bans, malware infections, and exploitation. While these scripts can automate gameplay and unlock ...