DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

OpenAI upgrades Codex to automate your workflows - and compete better with Claude Code

Codex's new plugins push it beyond coding and position it to challenge Claude Code's growing lead among developers.
InfoWorld

OpenAI adds plugin system to Codex to help enterprises govern AI coding agents

The move lets IT administrators standardize and distribute agent behaviors across engineering teams, but OpenAI’s third-party ...

Security boffins scoured the web and found hundreds of valid API keys

Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.

A simple coding mistake is exposing API keys across thousands of websites

A large-scale study has revealed that websites are unintentionally exposing API keys tied to services like AWS, Stripe, and OpenAI, with most leaks traced back to publicly accessible JavaScript files.

A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know.

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...
WinBuzzer

90% of Claude Code Output Lands in Low-Star GitHub Repos

Anthropic's Claude Code has surpassed 20 million GitHub commits, but 90% of output has landed in repos with fewer than two ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

PolyShell attacks target 56% of all vulnerable Magento stores

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are ...
SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...