The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

In A.I. Blunder, More Than 34,000 Instagram Accounts Were Attacked

The flaw, which Meta said it had fixed, allowed anyone to take over accounts using a bug in the company’s new artificial ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Hackaday

Revisiting Using AI Coding Assistants: You’re Holding It Wrong Edition

After scathing accusations of skimping on due diligence, as well as other feedback to my article on trying to use an ‘AI ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
CNBCTV18

Meet Rylen Anil, the teen ethical hacker who smelt a rat in NEET, JEE portals

Teenager ethical hacker Rylen Anil helps IIT Roorkee fix NEET and JEE portal misconfiguration, exposing temporary data risks ...
SecurityWeek

Chinese Cybercrime Group in Spotlight for Record Campaign Pace

The Chinese-speaking cybercrime group TA4922 has been escalating its malicious activities, expanding to Europe and Africa.
Bleeping Computer

Get a lifetime of ethical hacking and Python security training for $15

The Complete Ethical Hacking Course gives a strong introduction to cybersecurity with 29 hours of content across 320 lectures and a live ethical hacking lab where you practice what you’re learning in ...

Google blocked the first known AI-powered attack on 2FA accounts; here is how hackers tried to break in, know how to stay safe

Foreign hackers attempted a novel AI-powered cyberattack targeting two-factor authentication using a zero-day exploit. Google's Threat Intelligence Group detected and thwarted this sophisticated plot, ...