The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic ...

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.

'Please do not vibe f--- up this software': Broken backups spark AI coding row in rsync project

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...
Memeburn

GitHub Hack Exposes 3,800 Repos and a Bigger VS Code Risk

The GitHub hack shows how one poisoned VS Code extension gave attackers access to 3,800 internal repositories. If you rely on third-party developer tools, this breach is a warning to audit your ...

Google Says Hackers Used AI to Build Zero-Day Exploit

Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking.

GitHub confirms 'hacking' attack; says: We detected and contained a compromise of an employee device involving a poisoned ...

GitHub has confirmed a cyberattack after a threat actor claimed to be selling stolen company data. The breach involved unauthorized access to internal repositories via a compromised employee device ...

Should You Hijack a Corporate AI Chatbot for Free Tokens?

A developer went viral for reconfiguring Chipotle’s customer support bot into a coding assistant, and providing the playbook ...

‘I’m not bad, I’m just drawn that way’: Kathleen Turner’s best films – ranked!

As she nears her 72nd birthday, we honour the actor whose ‘smoked honey’ vocals added to her vampy persona on screen, whether bringing Jessica Rabbit to life or crushing Michael Douglas between her th ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...