Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.
SecurityWeek

TeamPCP Moves From OSS to AWS Environments

The TeamPCP hacking group has been using credentials stolen in the recent OSS campaign to enumerate and compromise AWS ...

Hackers are using fake coding jobs to spread malware through GitHub

The malware at the center of it, dubbed Omnistealer by investigators, uses public blockchains not just for payments, but as ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.
GitHub

Alishahryar1/free-claude-code

Zero Cost 40 req/min free on NVIDIA NIM. Free models on OpenRouter. Fully local with LM Studio ...
PCMag

Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets

Experts warn the campaign could outpace past global cyberattacks, with hundreds of thousands of credentials already ...

Backdoored Telnyx PyPI package pushes malware hidden in WAV audio

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver ...
The Hacker News

ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...
IEEE

Code Vulnerability Repair with Large Language Model Using Context-Aware Prompt Tuning

Abstract: Large Language Models (LLMs) have shown significant challenges in detecting and repairing vulnerable code, particularly when dealing with vulnerabilities involving multiple aspects, such as ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
The Guardian

Thousands of authors publish ‘empty’ book in protest over AI using their work

About 10,000 writers including Kazuo Ishiguro, Philippa Gregory and Richard Osman join copyright campaign Thousands of authors including Kazuo Ishiguro, Philippa Gregory and Richard Osman have ...