InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Microsoft

AI brands as bait: How threat actors are using the AI hype in social engineering

As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. In recent months, Microsoft Threat ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

The AI company's Bumblebee tool tackles your most urgent question after any supply‑chain advisory: Do your programmers have ...
Wired

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the ...
IEEE

A Systematic Review on Detection, Repair, and Explanation of Vulnerabilities in Source Code Using Large Language Models

Abstract: Software vulnerabilities pose critical risks to the security and reliability of modern systems, requiring effective detection, repair, and explanation techniques. Large Language Models (LLMs ...
USA Today

Spam ditches the can for new format - hot dogs

Spam has unveiled a new product perfect for the dog days of summer. The canned meat brand is now making hot dogs, it announced on its website. The company described the Spam dog as a "reimagination of ...
Kotaku

PlayStation 3 Emulator Devs Politely Ask That People Stop Flooding It With AI Code Pull Requests

The team behind RPCS3 suggests that vibe-coders "learn how to debug and code" instead of "generating slop that you don't understand" AI Ai slop Emulation PlayStation The team behind RPCS3, the ...
Bleeping Computer

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 ...
Women's Wear Daily

Californians Hit Temu with Class Action Over Alleged ‘Spam Abuse’

Chinese e-commerce giant Temu is facing a California class action accusing the online marketplace of using deceptive email tactics—on par with “modern spam abuse,” per the filing—to push shoppers into ...
Infosecurity-magazine.com

Deep#Door Python Backdoor Evades Detection On Windows

A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified targeting Windows systems. According to research from Securonix, the malware, ...